Hi, if I create VLANs on the FW and configure the same VLANs on the switch, which one would be the better option as far as security is concerned: switch or FW? Thanks.
It's better to have VLANs configured on the FW:
a) The FW treats a VLAN on itself just like another logical interface.
b) It will not allow traffic to flow across this VLAN/interface unless you have ACLs and translation in place; also, only traffic for which there is a valid connection would be allowed to this VLAN.
c) A switch does not have a stateful nature/security, which means that if inter-VLAN routing is enabled on this switch, packets would start flowing to/from this "VLAN" unless you have VACLs blocking this traffic, which again is only L3 security with no statefulness.
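
The difference between points b) and c), as an added example that is not part of the original thread: a small Python model of a per-packet (VACL-style) filter next to a connection-tracking firewall, run over the same inter-VLAN traffic. The subnets, ports, class names and sample packets are all constructed for illustration and model no particular vendor's implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (not from the thread): VLAN 10 = clients, VLAN 20 = servers.
CLIENTS = ip_network("10.0.10.0/24")
SERVERS = ip_network("10.0.20.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a new TCP connection

def policy_permits(p):
    """Shared policy: clients may open tcp/443 to servers."""
    return ip_address(p.src) in CLIENTS and ip_address(p.dst) in SERVERS and p.dport == 443

def stateless_filter(p):
    """VACL-style check: every packet is judged alone against static rules."""
    if policy_permits(p):
        return True
    # Replies need their own static rule keyed on source port; no connection is consulted.
    return ip_address(p.src) in SERVERS and ip_address(p.dst) in CLIENTS and p.sport == 443

class StatefulFirewall:
    """Firewall-style check: replies pass only if they match a tracked connection."""
    def __init__(self):
        self.connections = set()

    def allow(self, p):
        if p.syn and policy_permits(p):
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Non-SYN packets must belong to a known flow, in either direction.
        return ((p.src, p.sport, p.dst, p.dport) in self.connections
                or (p.dst, p.dport, p.src, p.sport) in self.connections)

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.allow(p)) for p in packets]

SAMPLE = [  # constructed traffic
    Packet("10.0.10.5", 50000, "10.0.20.8", 443, syn=True),  # client opens connection
    Packet("10.0.20.8", 443, "10.0.10.5", 50000),            # genuine reply
    Packet("10.0.20.8", 443, "10.0.10.77", 3389),            # no matching connection
]
```

`compare(SAMPLE)` gives the same verdict for the first two packets, but only the stateful check drops the third: the static reply rule matches on addresses and source port alone, while the firewall finds no connection for it.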