Query

Answered Question
Oct 16th, 2008

Hi, if I create VLANs on the FW and configure the same VLANs on the switch, which one would be the better option as far as security is concerned: switch or FW? Thanks.

Correct Answer by abinjola, Thu, 10/16/2008 - 10:45

It's better to have VLANs configured on the FW.

a) The FW treats a VLAN on itself just like another logical interface.

b) It will not allow traffic to flow across this VLAN/interface unless you have ACLs and translation in place; also, only traffic for which there is a valid connection would be allowed to this VLAN.

c) A switch does not have a stateful nature/security, which means if inter-VLAN routing is enabled on this switch, packets would start flowing to/from this "VLAN" unless you have VACLs blocking this traffic, which again is only L3 security but no statefulness.

Overall Rating: 5 (1 ratings)
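
The difference between points (b) and (c) above, as an added example that is not part of the original thread: a simplified Python model in which a per-packet ACL and a connection-tracking firewall judge the same three packets. The prefixes, ports, rule set and all names are assumptions constructed for the illustration.

```python
from collections import namedtuple

# Simplified model; real firewalls also track TCP flags, sequence numbers and timeouts.
Packet = namedtuple("Packet", "src sport dst dport syn")

USER_VLAN = "10.0.10."  # constructed prefix standing in for a user VLAN
SRV_VLAN = "10.0.20."   # constructed prefix standing in for a server VLAN


def user_to_server_https(pkt):
    """Policy: hosts in the user VLAN may open tcp/443 to the server VLAN."""
    return (pkt.src.startswith(USER_VLAN) and pkt.dst.startswith(SRV_VLAN)
            and pkt.dport == 443)


def stateless_acl(pkt):
    """Per-packet filter: every packet is judged on its own headers only."""
    if user_to_server_https(pkt):
        return True
    # Replies can only be recognised by their headers (source port 443),
    # so this rule matches whether or not a connection was ever opened.
    return (pkt.src.startswith(SRV_VLAN) and pkt.dst.startswith(USER_VLAN)
            and pkt.sport == 443)


class StatefulFirewall:
    """Permits a packet only if it opens an allowed connection or belongs to one."""

    def __init__(self):
        self.conns = set()  # (src, sport, dst, dport) of each permitted initiator

    def permit(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.conns or reverse in self.conns:
            return True   # part of a connection already in the table
        if pkt.syn and user_to_server_https(pkt):
            self.conns.add(forward)  # policy allows it: create the state entry
            return True
        return False      # no valid connection, so the packet is dropped


def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_acl(p), fw.permit(p)) for p in packets]


SAMPLE = [  # constructed packets
    Packet("10.0.10.5", 40000, "10.0.20.8", 443, True),   # user opens a connection
    Packet("10.0.20.8", 443, "10.0.10.5", 40000, False),  # reply on that connection
    Packet("10.0.20.8", 443, "10.0.10.9", 51000, False),  # no matching connection
]
```

`compare(SAMPLE)` shows both filters agreeing on the first two packets and differing on the third, which the stateless rule set forwards and the connection table drops.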