Firewall Wizards mailing list archives

Re: Using VLAN's in Firewall topologies


From: "Ge' Weijers" <ge () progressive-systems com>
Date: Wed, 21 Jul 1999 09:44:44 -0400

On Tue, Jul 20, 1999 at 06:20:30PM +1000, btsec wrote:
> Recently I have come across firewall design topologies involving switches
> (e.g. Catalyst 5000) which are implementing VLANs.
> [...]
> I personally am a bit concerned about using switches (VLANs)
> in such a design. I haven't seen too many security designs involving them.
>
> Any comments on using switches for such purposes?

One. Disable remote management on a switch used for that purpose. No
SNMP, no telnet, no IP address. Get a switch that can be configured
through the serial port.

Given the price of good quality non-VLAN capable switches I'd go for
multiple switches instead of VLANs.

I see some use for a switch in this configuration:

Internet ---- Router ----- Switch ------ Firewall/Router ----- Internal
                             |
                           Web servers

In this configuration you don't need any three-port routers.

Ge'

-- 
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220