diagram
About This Architecture
Three-tier enterprise network with DMZ perimeter security using Palo Alto PA-3200 firewall separating untrusted internet from core infrastructure. Traffic flows from ISP through the firewall to DMZ servers (Web VLAN 100, DB VLAN 101) and redundant H3C S6520 core switches serving the trusted office network. Aggregation layer uses dual L3 switches (Agg-SW-01 and Agg-SW-02) for load distribution, feeding four L2 access switches that connect end devices across seven VLANs (Office, Finance, R&D, Management, WiFi, Web, Database). This architecture demonstrates defense-in-depth with firewall perimeter control, VLAN-based segmentation, redundant core switching, and hierarchical access design for scalability and fault tolerance. Fork this diagram on Diagrams.so to customize switch models, add additional security zones, or adapt VLAN assignments for your organization. The dual-core design with cross-links ensures high availability and eliminates single points of failure in the switching fabric.
People also ask
How do you design a secure enterprise network with DMZ separation, redundant core switching, and VLAN segmentation?
This diagram shows a production enterprise network using a Palo Alto PA-3200 firewall to separate untrusted internet from a DMZ (Web and DB servers) and trusted office network. Redundant H3C S6520 core switches provide high availability, dual L3 aggregation switches distribute traffic, and four L2 access switches connect end devices across seven VLANs (Office, Finance, R&D, Management, WiFi, Web,
- Domain:
- Networking
- Audience:
- Network architects designing enterprise campus networks with DMZ segmentation and multi-tier switching
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.
