[FW1] DMZ via VLAN
I've got a question in regards to running a DMZ on the same physical switches as my internal network, but segmented by VLAN.

Currently, I've got several 10/100 switches on my backbone, so my DMZ is physically separated. However, we're looking at upgrading to a gigabit backbone. Obviously, gigabit switches are still somewhat pricey, and our DMZ is really only about 6 servers. Soooo, the idea came to me to use VLANs to isolate the DMZ and internal networks on the same physical switch.

Does anyone have any experience with this, or opinions on how it would impact security or performance? The gigabit switch I'm looking at is also capable of Layer 3 switching, but obviously any layer 3 traffic between these two VLANs would have to go through the firewall; I'll need to make sure I can specify that in the switch's software.

Recommendations of quality gigabit switches that can support up to 24 gig ports, and 48 100 meg ports would also be appreciated, but that's not really the point of my message.

Thanks in advance for the wonderful insights.

Jeff Jarmoc - CCNA, MCSE
Network Analyst - Grubb & Ellis