M. Jahin

Enterprise Corporate Network Security Architecture and Configuration for Property Management Firm

Enterprise Multi-Site Network Architecture and Configuration for Property Management Firm

By Md Muhtashim Jahin

The project was performed in the Industrial Network Cybersecurity (INCS) Lab of the British Columbia Institute of Technology (BCIT). BCIT's INCS lab uses industry-standard Cisco infrastructure and Dell rack servers, exactly the kind of gear found in large corporate environments (10,000+ employees).

Figure – 1: INCS Lab of BCIT

Project Overview

This project covers the network security architecture and configuration of an enterprise network infrastructure for a property management firm with headquarters in Vancouver and a branch office in Toronto. The firm employs over 300 staff members across various departments, necessitating a secure, efficient, and scalable network architecture to support daily operations.

The Vancouver headquarters hosts the primary IT infrastructure and accommodates the following departments:

  • Service
  • Human Resources (HR)
  • Information Technology (IT) & Tech
  • Administration & Management
  • Sales

The Toronto branch office houses the same departments except for Administration, relying on the Vancouver data center for centralized IT services. All core network services, including DNS, DHCP, Web Server, and SMTP, are hosted at the Vancouver office, with a secure, high-speed WAN link connecting both locations.

Network Architecture by Md Muhtashim Jahin

Network Connection

Network Components Used

Firewall: Cisco Firepower 1010

Router: Cisco 4000 Series Integrated Services Router (ISR)

Switch: Cisco Catalyst C9200-48P Layer 3 Switch

Wireless Access Point: Cisco Catalyst CW9163E Tri-Band IEEE 802.11a/b/g/n/ac/ax/h/d, 3.90 Gbit/s

Server: Dell Rack Servers

Network Overview

The project aims to implement a robust, secure, and scalable network infrastructure that ensures high availability and optimal performance for business operations. The proposed solution incorporates:

  • Network Segmentation: Departments are assigned dedicated VLANs to enhance security and reduce broadcast traffic.
  • Network Security: Two firewalls are deployed, one at each site, so that every site's traffic to and from the WAN and the Internet passes through a policy enforcement point.
  • Site-to-Site IPsec VPN: A secure IPsec VPN will link the Vancouver and Toronto offices, enabling seamless communication.
  • Redundant Core Network: High-performance core switches and firewalls will ensure network reliability.
  • Centralized Server Management: All essential services are hosted in Vancouver, accessible securely from Toronto.
  • Wireless Infrastructure: Enterprise-grade Wi-Fi coverage for employees and guests in both locations.
  • DMZ (Demilitarized Zone): Externally reachable servers are placed in a dedicated DMZ so that traffic from the outside is confined to its own security zone and never reaches the internal department VLANs directly.
  • Redundant Access Layer Connectivity: Each department is served by two access switches whose uplinks are aggregated with LACP, so the loss of a single switch or link does not isolate the department.

Network Component Roles

To achieve optimal performance, security, and redundancy, the network will include:

Cisco Firepower Firewalls: Securing internal and external traffic while enforcing security policies.

DHCP & DNS Servers: Managing IP addressing and domain name resolution.

Email & Web Servers: Enabling seamless communication and web hosting.

WAN Optimization: Reducing latency and ensuring smooth data transfers between offices.

Configured Security Solutions

To protect the corporate network from cyber threats and unauthorized access, the following security strategies will be implemented:

Network Segmentation with VLANs: Departments will be isolated using VLANs to enhance security and minimize unauthorized access between departments.

Firewall Security Zones: The firewall will establish multiple security zones, segregating public, private, and DMZ networks to enforce access controls and protect sensitive resources.

Layer 3 Core Switches with HSRP & LACP: Two Layer 3 core switches are configured with Hot Standby Router Protocol (HSRP) for default-gateway redundancy and Link Aggregation Control Protocol (LACP) for increased bandwidth and failover protection.

Access Switches with LACP: Each department will have two access switches connected using LACP for improved link reliability and load balancing.

Traffic Filtering & Inspection: Firewalls will inspect and filter traffic entering and leaving each security zone based on policies to prevent unauthorized access and mitigate cyber threats.

Access Control Lists (ACLs): Restricting unauthorized traffic within the network.

VPN Encryption: Secure IPsec VPN tunnels will provide encrypted communication between Vancouver and Toronto, ensuring the confidentiality and integrity of data transmitted over the WAN.

Redundant Network Infrastructure: HSRP ensures high availability of the core network by dynamically switching to a standby router in case of failure.

Regular Security Audits: Monitoring and updating network security policies to align with evolving cybersecurity threats.
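The VLAN segmentation, HSRP gateway redundancy, LACP core interconnect and inter-VLAN ACL described above, shown as one Cisco IOS configuration for the first core switch. This is an added illustration, not the project's own configuration; the hostname, VLAN IDs, subnets (10.20.0.0/24 for HR, 10.100.0.0/24 for the server segment), interface numbers and HSRP key are assumed.

```cisco
! Added example (not the project's configuration): Vancouver core switch 1.
! Hostname, VLAN IDs, subnets, interface numbers and key are assumed.
hostname VAN-CORE1
!
vlan 10
 name SERVICE
vlan 20
 name HR
vlan 30
 name IT
vlan 40
 name ADMIN
vlan 50
 name SALES
!
! LACP bundle to core switch 2: two physical links, "active" on both ends
interface range GigabitEthernet1/0/47 - 48
 channel-protocol lacp
 channel-group 1 mode active
!
interface Port-channel1
 description CORE1 <-> CORE2 LACP trunk
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40,50,100
!
! HR hosts may reach the server segment and the Internet, but not the
! other department VLANs. Denied attempts are logged for the SOC.
ip access-list extended HR-INBOUND
 permit ip 10.20.0.0 0.0.0.255 10.100.0.0 0.0.0.255
 deny   ip 10.20.0.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 permit ip any any
!
! HR gateway: virtual IP .1 is shared via HSRP; this switch is the
! active gateway (priority 110), core switch 2 holds .3 at priority 100.
interface Vlan20
 description HR gateway (HSRP group 20)
 ip address 10.20.0.2 255.255.255.0
 ip access-group HR-INBOUND in
 standby version 2
 standby 20 ip 10.20.0.1
 standby 20 priority 110
 standby 20 preempt
 standby 20 authentication md5 key-string REPLACE-WITH-SITE-KEY
```

Only the HR SVI is shown; each department VLAN gets its own SVI and ACL, and the active HSRP role is alternated between the two core switches so both carry traffic under normal operation.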

Snippet of Network Configuration