[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] DMZ via VLAN
Jeff, I think it is too risky.... Think that the switch could be the weakest ring into your chain.... best wishes Aylton ----- Original Message ----- From: "Jarmoc, Jeff" <[email protected]> To: <[email protected]> Sent: Monday, April 02, 2001 5:44 PM Subject: [FW1] DMZ via VLAN > > I've got a question in regards to running a DMZ on the same physical > switches as my internal network, but segmented by VLAN. Currently, I've got > several 10/100 switches on my backbone, so my DMZ is physically seperated. > However, we're looking at upgrading to a gigabit backbone. Obviously, > gigabit switches are still somewhat pricey, and our DMZ is really only about > 6 servers. Soooo, the idea came to me to use VLANs to isolate the DMZ and > internal networks on the same physical switch. > Does anyone have any experience with this, or opinions on how it > would impact security or performance? The gigabit switch I'm looking at is > also capable of Layer 3 switching, but obviously any layer 3 traffic between > these two VLANS would have to go through the firewall, I'll need to make > sure I can specify that in the switch's software. Recommendations of > quality gigabit switches that can support up to 24 gig ports, and 48 100 meg > ports would also be appreciated, but that's not really the point of my > message. > > Thanks in advance for the wonderful insights. > > Jeff Jarmoc - CCNA, MCSE > Network Analyst - Grubb & Ellis > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|