Switch VLANs inside/outside firewall?

By tomjhen
In the same room, there is a need for switches on both the protected and Internet sides of the firewall. If configured correctly, can a managed switch be safely used with separate VLANs inside and outside the firewall, rather than using two separate physical switches?


All Answers


sure provided you take the necessary precautions

by CG IT In reply to Switch VLAN's inside/outs ...

to secure the VLAN and the switch ports on the VLAN, and configure the router access control list appropriately.


Setup

by tomjhen In reply to sure provided you take th ...

The VLAN in the protected network is trunked to other switches. The VLAN for connections outside the firewall would be on one switch only and would not be trunked to any other switch. Switch ports for the connections outside the firewall would be "access" type (rather than trunk) and would be assigned only to the non-trunked VLAN.

Are there other VLAN settings to be checked?

Thanks much for your response!


So how do hosts in that VLAN, which are in the DMZ, get to the default gateway?

by CG IT In reply to Setup

If hosts in a VLAN don't need to get to the default gateway, then you simply remove them as allowed access on the trunk line. Also make sure that switch ports in the VLAN can't negotiate mode.

If you need them to get to the default gateway, but need to block access for all other VLANs and hosts, you set up a trunk line for it and deny all other VLANs access on it. You also make sure switch ports can't negotiate modes.

The other thing to watch out for is VTP.
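The checks the thread converges on (ports in the outside VLAN are access-only and cannot negotiate trunking via DTP, the outside VLAN is pruned from any trunk that also carries protected VLANs, and VTP is not allowed to rewrite the VLAN database) can be written down as an audit. What follows is an added example, not code from the thread or from any poster: a small Python script that parses two constructed IOS-style configurations, one weak and one hardened, and reports the weak settings. VLAN 99 as the outside VLAN, VLANs 10 and 20 as protected VLANs, and the interface names are all assumptions made for the example; the parser only handles the plain `switchport trunk allowed vlan <list>` form, not the `add`/`remove`/`except` variants.

```python
# Constructed sample configs in Cisco IOS-style syntax (not from the thread).
# VLAN 99 is the assumed outside-the-firewall VLAN; 10 and 20 are protected VLANs.
# Gi0/1-2: Internet router and the firewall's outside interface (access ports).
# Gi0/10: uplink trunk to the other switches in the protected network.
# Gi0/11 (hardened only): a trunk dedicated to VLAN 99 for a gateway elsewhere.
WEAK_CONFIG = """\
vtp mode server
!
interface GigabitEthernet0/1
 switchport access vlan 99
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 99
!
interface GigabitEthernet0/10
 switchport mode trunk
!
"""

HARDENED_CONFIG = """\
vtp mode transparent
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 99
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 99
 switchport nonegotiate
!
interface GigabitEthernet0/10
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet0/11
 switchport mode trunk
 switchport trunk allowed vlan 99
 switchport nonegotiate
!
"""


def parse_ios(config):
    """Split an IOS-style config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            current = None                      # '!' or blank ends a block
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def expand_vlans(spec):
    """'10,20,30-32' -> {10, 20, 30, 31, 32}; 'all' -> None (every VLAN)."""
    if spec == "all":
        return None
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def first_value(lines, prefix, default):
    """Last word of the first line starting with prefix, or default if absent."""
    for line in lines:
        if line.startswith(prefix):
            return line.split()[-1]
    return default


def audit_outside_vlan(config, outside_vlan):
    """Return findings that would let the outside VLAN reach the protected side."""
    findings = []
    global_lines, interfaces = parse_ios(config)
    vtp = first_value(global_lines, "vtp mode", "server")  # IOS default is server
    if vtp not in ("transparent", "off"):
        findings.append(f"global: vtp mode {vtp} (another VTP server can rewrite the VLAN database)")
    for name, lines in interfaces.items():
        mode = first_value(lines, "switchport mode", "dynamic")   # unset mode is DTP-negotiable
        vlan = int(first_value(lines, "switchport access vlan", "1"))
        nonegotiate = "switchport nonegotiate" in lines
        if mode == "access":
            if vlan == outside_vlan and not nonegotiate:
                findings.append(f"{name}: outside-VLAN access port still sends DTP (add 'switchport nonegotiate')")
        elif mode == "trunk":
            if not nonegotiate:
                findings.append(f"{name}: trunk without 'switchport nonegotiate'")
            allowed = expand_vlans(first_value(lines, "switchport trunk allowed vlan", "all"))
            # A trunk carrying only the outside VLAN is the case the thread allows;
            # the default 'all', or a mix with protected VLANs, is the leak.
            if allowed is None or (outside_vlan in allowed and len(allowed) > 1):
                findings.append(f"{name}: trunk carries VLAN {outside_vlan} alongside other VLANs (prune with 'switchport trunk allowed vlan')")
        else:
            findings.append(f"{name}: mode '{mode}' can negotiate trunking via DTP; set 'switchport mode access' or 'trunk'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit_outside_vlan(cfg, 99) or ['no findings']}")
```

Run against the weak configuration the audit reports five findings (VTP in server mode, an interface with no fixed port mode, an outside-VLAN access port and a trunk that still run DTP, and the uplink trunk carrying every VLAN including 99); the hardened one reports none. Treating a trunk that carries only the outside VLAN as acceptable, and VTP transparent or off as the fix for the VTP warning, are choices made for this example.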
