InternVLAN rules on PIX506

Answered Question
Jun 6th, 2008

Hi all,

I need to build up a DMZ with a PIX506. My idea is to make a trunk between PIX and switch, assign a VLAN for the DMZ.

Mi question is, can PIX506 handle firewall-rules between the VLAN's (internal <-> dmz)?

Thank's,

Norbert

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 8 years 6 months ago

Norbert

Not sure what you are asking here. The 506E supports up to 2 vlans on an interface so you can do what you want. Each vlan interface is treated as a physically separate interface in terms of security levels/access-lists etc.

So if you have an inside and a DMZ on the same interface you can apply separate access-lists to each interface.

Does this answer your question ?

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Fri, 06/06/2008 - 03:50

Norbert

Not sure what you are asking here. The 506E supports up to 2 vlans on an interface so you can do what you want. Each vlan interface is treated as a physically separate interface in terms of security levels/access-lists etc.

So if you have an inside and a DMZ on the same interface you can apply separate access-lists to each interface.

Does this answer your question ?

Jon

alig.norbert Fri, 06/06/2008 - 04:58

Jon

Thank's for the answer.

Yes I want to control the traffic between DMZ (VLAN-xx)<-> inside (VLAN-yy) over the PIX.

Greets,

Norbert

Actions

This Discussion