Firewall Wizards mailing list archives
switches in a fw environment
From: Gerhard Mezger <Gerhard.Mezger () mail inuco ch>
Date: Tue, 30 Jun 1998 18:20:43 +0000
How do you feel about the usage of switches interconnecting different security domains? To illustrate my question let's take a look at a very simplified Internet connection:

PR ----------- Firewall --------- internal net (S)
                  !
                  !
                 WEB

PR=Provider Router; WEB=Webserver in DMZ; S=System in the internal net (running critical applications).

Internet users are only allowed to access the Webserver; access from the internal net to the Internet is very restricted. So far the logical layout.

Let's now look at a possible physical implementation using VLANs:

              Firewall
                ! ! !
          vlans 1 2 3
             +---------+
PR---------- ! Switch  !-----------S
    vlan1    +---------+   vlan3
                  !
           vlan2  !
                  !
                 WEB

I am not sure about the security risk imposed by a central switch, especially because the management of the switch will be done over a (separate) VLAN. I am searching for arguments to become either more comfortable with this solution or to have strong technical arguments against it.

Your input is highly appreciated.

Gerhard