Firewall Wizards mailing list archives
Using VLAN's in Firewall topologies
From: "btsec" <btsec () magna com au>
Date: Tue, 20 Jul 1999 18:20:30 +1000
Recently I have come across firewall design topologies involving switches (e.g. Catalyst 5000) which are implementing VLANs. For example (view with Courier font):

    Internet----Router1-----Switch1---Router3--Internal Network
                               |
    Internet----Router2-----Switch2---Router4--Internal Network

Where the switch is configured such that there are a number of VLANs, with different subnets comprising a firewall and a DMZ, for example. So logically it could look like the below:

    Internet----Routers----Firewall---web servers---Routers----Internal Network

I personally am a bit concerned about using switches (VLANs) in such a design. I haven't seen too many security designs involving them. Any comments on using switches for such purposes?

A few thoughts -

Pros
- less hardware (hubs and interconnects via trunking)
- switch faster than hub
- less chance of snooping

Cons
- No physical separation of outside and DMZ
- security issues with VLANs, ISL trunking?

Thanks
Paul Therkelsen