Query

Answered Question
Oct 16th, 2008
Hi, if I create VLANs on the FW and configure the same VLANs on the switch, which one would be the better option from a security standpoint, switch or FW? Thanks.

Correct Answer by abinjola (Cisco Employee), Thu, 10/16/2008 - 10:45

It's better to have the VLANs configured on the FW:

a) The FW treats a VLAN on itself just like another logical interface.

b) It will not allow traffic to flow across this VLAN/interface unless you have ACLs and translation in place; also, only traffic for which there is a valid connection would be allowed to this VLAN.

c) A switch does not have a stateful nature/security, which means that if inter-VLAN routing is enabled on this switch, packets would start flowing to/from this "VLAN" unless you have VACLs blocking this traffic, which again is only L3 security with no statefulness.
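To make the stateful-versus-stateless difference in the answer concrete, here is an added configuration example (not part of the original post or from the poster): the same VLAN 10 terminated on an ASA subinterface with a single inbound ACL, beside the same policy written as a VACL on a Catalyst switch. The addresses (192.0.2.0/24, 198.51.100.10), interface names, ACL and access-map names are constructed for illustration; the syntax assumes ASA 8.x and Catalyst IOS of that era.

```cisco
! --- Firewall side: VLAN 10 as a logical (sub)interface on the ASA ---
! Constructed example; names and addresses are placeholders.
interface GigabitEthernet0/1
 no shutdown
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
! One rule is enough: the ASA tracks the connection and lets the
! matching return traffic back through on its own (stateful).
access-list DMZ_IN extended permit tcp 192.0.2.0 255.255.255.0 host 198.51.100.10 eq 443
access-group DMZ_IN in interface dmz
! Depending on nat-control, a NAT or identity-NAT statement is also
! required before any flow is permitted across this interface.

! --- Switch side: the same VLAN 10 filtered with a VACL on a Catalyst ---
vlan 10
 name dmz
!
ip access-list extended DMZ_ONLY_HTTPS
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 443
 ! A VACL is stateless: without this second, mirrored line the
 ! server's replies into VLAN 10 are dropped, and with it any host
 ! using source port 443 can reach the whole VLAN.
 permit tcp host 198.51.100.10 eq 443 192.0.2.0 0.0.0.255
!
vlan access-map DMZ_FILTER 10
 match ip address DMZ_ONLY_HTTPS
 action forward
vlan access-map DMZ_FILTER 20
 ! A sequence with no match clause matches everything else.
 action drop
!
vlan filter DMZ_FILTER vlan-list 10
```

The switch version needs both directions spelled out by hand and can only reason about addresses and ports in each packet, which is the "L3 security but no statefulness" limitation the answer describes; the firewall version admits reply packets only when they belong to a connection it has already seen.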