Firewall Wizards mailing list archives

Best way to segregate servers


From: "Shimon Silberschlag" <shimons () bll co il>
Date: Mon, 12 Jul 2004 13:02:15 +0200

Having a setup that dictates, as a rule, that no server can talk with any
other server unless this traffic is allowed and enforced by a "third party",
3 design suggestions have come up:

Using PVLAN to separate the servers. All servers will be on the same subnet.
Requires some routing table tweaking on the server, to send inter-server
traffic to the FW.

Using 802.1q to define VLANs on the FW and enforcing the policy there.

Using PBR (policy based routing) to send inter-server traffic to the FW.

The number of servers can change from 10 to 300.

What would be your recommendation? What are the pros and cons?

Shimon Silberschlag

+972-3-9351572
+972-51-207130


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

