Firewall Wizards mailing list archives

DMZ - the physical layer

From: John White <johnjohn () triceratops com>
Date: Tue, 7 Mar 2000 18:32:00 -0800

I was looking through the archives of the greatcircle
firewall list and came across some opinions regarding
the construction of DMZ's.

I'm using Baystack 450's as my backbone switches.
Bay 450's have a virtual lan function which can
be used to limit a collision domain to specific
ports.  I was planning on using this function to
create the DMZ.

However, I ran across some opinions that this type of
action was quite foolish.

Can someone give me the cons to this proposal?

An option would be to buy a cheap Netgear switch 
(under $500) to be a physically separate DMZ. 

Pros and cons on that vs the virtual lan?  $500
is a small price to pay if there are security problems
when using a vlan aa a DMZ.

John

Current thread:

DMZ - the physical layer John White (Mar 12)
- Re: DMZ - the physical layer Aaron D. Turner (Mar 17)
  - Re: DMZ - the physical layer Bennett Todd (Mar 21)
- Re: DMZ - the physical layer Doug Fajardo (Mar 21)
- <Possible follow-ups>
- RE: DMZ - the physical layer fernando_montenegro (Mar 17)
- RE: DMZ - the physical layer Ben Nagy (Mar 21)
  - RE: DMZ - the physical layer aturner (Mar 23)
- RE: DMZ - the physical layer Carl Friedberg (Mar 21)