Re: Maximum number of subnets on a firewall

[Mikael Olsson <mikael.olsson () clavister com>]

Paolo Supino wrote:
> Hi
>
>   The following story and question aren't product specific so please don't
> try to attach it to any available product: I was asked to plan a network for
> a group of 3 companies (all located in the same building and want to use the
> same infrastracture). From gathering the requirements of each of the
> companies I've concluded that all of them together will need 10 subnets
> (including the subnet that is connected to the internet). Since the biggest
> number of subnets per firewall that I ever installed was 6. Setting up 10
> subnets on 1 firewall (to me) seems too much for me so I'm looking for a way
> to have the 10 networks on 2 (or 3) different firewalls. If you have any
> suggestions on a possible layout I'd be very happy to read it.

Without specifying what kinds of firewalls you're looking at, or what
you mean by "use the same infrastructure", it's kind of difficult to
even begin to help you.

I've managed firewalls with a dozen physical interfaces, and ones with
100+ VLANs, and ones with oodles of subnets (which is really only a 
routing table issue unless you're doing some kind of meaningful
separation).

What it comes down to is a sane management structure.  If management
gets messy, yes, you may want to separate the firewalling function
into several boxes.  But if everything is cross-connected so far that
that you just end up with a management nightmare of duplicated rules
and general messines, well ...

Perhaps you can provide a bit more information?

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards