I'm hoping someone on here could answer a few questions for me concerning gigabit networking with a firewall.
I'm about to upgrade my home network to gigabit. I currently have a firewall with 3 interfaces - lan, dmz and internet. The lan interface goes to a 10/100 switch with 4 wired ports and is also a wireless point (3 machines wired and 2 laptops on the wireless), the dmz goes to a 5 port 10/100 switch (1 machine right now), and the internet goes straight to my cable modem.

What I'm thinking of doing is:
1) replacing two of the 10/100 nics in the firewall with 10/100/1000 nics (for lan and dmz)
2) replacing the 10/100 nics in the other machines with 10/100/1000 nics
3) replacing the lan switch with an 8 port 10/100/1000 switch
4) hanging the old lan switch off one of the ports on the new switch (to use strictly for wireless)
5) replacing the dmz switch with a 5 port 10/100/1000 switch

I see this having 4 bottlenecks:
1) firewall <-> cable modem (I'll leave a 10/100 nic in the firewall for the internet interface - the modem will only connect to the firewall at 10 half duplex anyway)
2) cable modem <-> COX
3) machines in the lan <-> machines in the dmz (the firewall that connects the two nets is a pretty low powered machine right now - AMD K6 2 350, so I don't see it being able to keep the pipes full)
4) wireless access point <-> lan switch (doesn't matter since the only machines on this leg are wireless).

The main benefit I'm looking for is the ability to move huge (3-10 GB) files (vmware sessions, install cd/dvd isos, etc.) around on the lan machines (excluding the wireless laptops of course). I'm going ahead and upping the dmz switch and machines right now so that when I replace the firewall with a beefier machine the lan <-> dmz bottleneck should open up. Bottlenecks 1, 2, and 4 are inherent in the equipment/technology so I'm not worried about them.

The questions I have are:
1) Will traffic between lan machines have to go through the firewall (creating a bottleneck I didn't foresee)?
2) Will upgrading the firewall machine later open up the lan <-> dmz bottleneck like I think?

If it's relevant, the different net settings are: The lan and dmz are different networks (192.168.0.x and 192.168.1.x), all machines have a netmask of 255.255.255.0 and a default gateway of their respective interface on the firewall (192.168.0.1 or 192.168.1.1).

Thanks
James
