Firewall Wizards mailing list archives
Re: Using VLAN's in Firewall topologies
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Wed, 21 Jul 1999 09:44:44 -0400
On Tue, Jul 20, 1999 at 06:20:30PM +1000, btsec wrote:
> Recently I have come across firewall design topologies involving switches (e.g. Catalyst 5000) which are implementing VLANs.
> [...]
> I personally am a bit concerned about using Switches (VLANs) in such a design. I haven't seen too many security designs involving them. Any comments on using switches for such purposes?
One. Disable remote management on a switch used for that purpose. No SNMP, no telnet, no IP address. Get a switch that can be configured through the serial port.

Given the price of good quality non-VLAN capable switches I'd go for multiple switches instead of VLANs.

I see some use for a switch in this configuration:

    Internet ---- Router ----- Switch ------ Firewall/Router ----- Internal
                                 |
                            Web servers

In this configuration you don't need any three-port routers.

Ge'
--
-
Ge' Weijers                              Voice: (614)326 4600
Progressive Systems, Inc.                FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
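
The three rules in the reply above (no SNMP, no telnet, no IP address), written as a check over a saved switch configuration. This is an added example, not part of the original post; it assumes Cisco IOS-style configuration syntax, and the sample configurations and the function names `parse_sections` and `audit_switch_config` are constructed for illustration.

```python
import re

# Constructed sample configs (IOS-style syntax assumed; not taken from the post).
EXPOSED = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
snmp-server community public RO
line vty 0 4
 transport input telnet
"""
SERIAL_ONLY = """\
interface Vlan1
 no ip address
!
no snmp-server
line vty 0 4
 transport input none
"""

def parse_sections(text):
    """Group indented sub-commands under their unindented parent line."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections

def audit_switch_config(text):
    """Return (rule, evidence) pairs for SNMP, telnet and IP-address exposure."""
    findings = []
    for header, body in parse_sections(text):
        if header.startswith("snmp-server "):
            findings.append(("snmp", header))
        elif header.startswith("interface "):
            findings += [("ip-address", f"{header}: {c}") for c in body
                         if re.match(r"ip address\s+\S", c)]
        elif header.startswith("line vty"):
            set_lines = [c.split()[2:] for c in body if c.startswith("transport input")]
            # Assumption: with no explicit setting, treat the vty as accepting telnet.
            allowed = set_lines[-1] if set_lines else ["all"]
            if {"telnet", "all"} & set(allowed):
                findings.append(("telnet", f"{header}: transport input {' '.join(allowed)}"))
    return findings
```

An empty result for a configuration means none of the three remote-management paths named in the reply is enabled in it.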