Is there is anything remotely like the "best network setup"? For me and I'm pretty confident that to most spice-heads the answer to this question will be that it depends on the particular environment. However I'm tasked with the onerous task of designing the "best network setup" for my organization.
Currently we have a UTM device serving as our gateway which routes internet traffic and is also responsible for SSL VPN for remote access, IP-Sec site to site for WAN connectivity, IPS and gateway anti-virus. This drops into a core switch from where all edge switches are uplinked via SFPs. The guest wifi access is on a separate interface from the wireless controller to the UTM which segregates guest traffic from corporate traffic.
We have no critical(security and/or availability) servers running on LAN we've got Active Directory, File, Endpoint Backup, Endpoint AV, and IP PBX servers apart from those, the network's primary function is to provide internet access to employees as our real stuff sits in the cloud. My goal is to keep the network as simple as possible. However this type of setup does not seem to supply the WoW factor that the management needs, a more complex setup where we have separate appliances for VPN-ASA, A "cisco" router right before the UTM, a new firewall behind the UTM, Like four new VLANs in the network, cisco ISE (note that the current UTM integrates with AD to perform most of this function) is being proposed.
So this is my question spice-heads, I need a way to convince management that there is no real requirement for this proposed setup as we currently have no performance issues with regards to network services and I seem to have failed at that, hence i would appreciate some suggestions on how to make it a little more complex and to spice things up a bit in our network (harware/config wise)....Cost doesn't seem to be a factor, So i would welcome ideas on how to make things "best"...
Current Devices:
UTM
Cisco catalyst SFP core switch
SG Series Managed edge switches
Cisco wireless controller
Network Monitoring APP