Online banking secure zoning project of a commercial bank

Project background
The Internet access zone of a commercial bank is primarily used to support Internet-based services, e.g. online banking and IPAD online banking.
The online banking secure zoning project of this commercial bank is expected to realize multilayered security protections through firewalls, IPS and application protection systems and hence guarantee the all-around security of online banking. Link load equalizers were deployed to provide the best routing to Internet users. Server load equalization and content acceleration also enables the release of reliable and high-performance online banking applications to Internet users.

Project scale
ØFour firewalls were adopted for the Internet access zone to isolate the internal network, the Internet server cluster and the external network;
ØWorking and standby firewalls were adopted. Firewalls of different manufacturers are adopted for the internal network and the external network;
ØThe two firewalls of the external network were embedded with IPS hardware modules to prevent intrusions;
ØWEB/transaction server cluster were deployed on DMZ2 and the middleware server cluster was deployed on DMZ1;
ØTwo load equalizers were deployed at the Internet exit;
ØA server load equalizer was deployed on DMZ2 of the online banking zone;
ØTwo WEB firewalls were deployed on DMZ2 of the online banking zone;
ØRemote security evaluation system products were deployed in the internal network administration zone.

Network topology