Safire Knowledge Base

Enterprise Internal Segmentation Mix (Very Large)

Network Topology

Enterprise Internal Segmentation


The firewall is placed inside the enterprise network to secure enterprise network by segmenting the corporate LAN and protecting each segment from others against malware and virus usually by means of application control, antivirus, web filtering, DNS filtering, and SSL deep inspection. It is usually referred to as “Zero Trust”. Traffic characteristics are symmetric and west-east. Throughput demand is high since enterprise LAN capacities and speeds are orders of magnitudes higher than at the edge.


Users (Client IPs): 32800
Applications: 37
Sessions: 410600 (incl. 324000 TLS sessions)
Allocated Bandwidth: 15.68 Gbps