VLANs sharing common services via FW

Aug 21st, 2007


I need to allow multiple vlans access to shared subnets whilst maintaining vlan and IP security via a FW. What's the best way of doing this?

royalblues Tue, 08/21/2007 - 13:33

Which FW do you have?

If you have an ASA firewall, you can create security contexts and map these to each vlan you create on the switches.



rboldy123 Tue, 08/21/2007 - 13:59


That's basically what I'm looking to do. I have Checkpoint FW, is it possible to map vlans to subnets/ports using Checkpoint?

Jon Marshall Tue, 08/21/2007 - 22:41


Not entirely sure I fully understand your requirements.

If you want to map checkpoint interfaces to vlans then just ensure the relevant port that the checkpoint interface connects into is in the right vlan.

Checkpoints can also do 802.1q trunking.


royalblues Wed, 08/22/2007 - 00:01


I think the user wants to have virtual instances & each instance to be mapped to one vlan.

If we map the physical interfaces, then he may require a lot of them depending on the vlans.


rboldy123 Wed, 08/22/2007 - 12:31

Yes, I have an 802.1q trunk carrying multiple vlans to the FW and the same on the other side...

For example, I want to allow vlan 10, 20 & 30 to access vlan 100 on the inside but don't want 10, 20 & 30 to be able to talk to each other via vlan 100!
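The requirement in the last post can be written as a property and checked against an ordered, first-match rule base. The following is an added example, not part of the thread and not Check Point configuration; the subnets, rule tuples and function names are constructed for illustration, and it assumes the firewall is the only routed path between the VLANs.

```python
import ipaddress
from itertools import permutations

# Constructed addressing: the thread gives VLAN IDs only, not subnets.
VLAN_NETS = {
    10: ipaddress.ip_network("10.0.10.0/24"),
    20: ipaddress.ip_network("10.0.20.0/24"),
    30: ipaddress.ip_network("10.0.30.0/24"),
    100: ipaddress.ip_network("10.0.100.0/24"),
}
CLIENT_VLANS, SHARED_VLAN = (10, 20, 30), 100

def first_match(rules, src_ip, dst_ip):
    """Ordered first-match evaluation of new connections; unmatched is dropped."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, action in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action
    return "drop"  # implicit cleanup rule

def sample_host(vlan):
    """One representative address per VLAN (constructed)."""
    return str(VLAN_NETS[vlan].network_address + 5)

def audit(rules):
    """Return every way the rule base violates the requirement in the thread."""
    problems = []
    for vlan in CLIENT_VLANS:
        if first_match(rules, sample_host(vlan), sample_host(SHARED_VLAN)) != "accept":
            problems.append(f"vlan {vlan} cannot reach vlan {SHARED_VLAN}")
    for a, b in permutations(CLIENT_VLANS, 2):
        if first_match(rules, sample_host(a), sample_host(b)) != "drop":
            problems.append(f"vlan {a} can reach vlan {b}")
    return problems

# One rule per client VLAN towards the shared VLAN, nothing else.
TIGHT = [(str(VLAN_NETS[v]), str(VLAN_NETS[SHARED_VLAN]), "accept") for v in CLIENT_VLANS]
# A supernet shortcut that also covers client-to-client traffic.
LOOSE = [("10.0.0.0/16", "10.0.0.0/16", "accept")]

if __name__ == "__main__":
    print("tight:", audit(TIGHT))
    print("loose:", audit(LOOSE))
```

The check samples one host per VLAN and models new connections only; return traffic for accepted sessions is left to the firewall's state table.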

