This is a topic that has come up for discussion within our team a couple of times during the last few months. I wondered what other people's thoughts were on this subject - whether to use separate physical hardware or VLANs for the creation and provision of DMZ networks?
I am wondering if this is a matter of 'upbringing'. For example, I started my career in an environment where VLANs were used extensively for isolation of numerous networks of differing security levels so I am quite comfortable with using VLANs for this type of L2 isolation. However, other colleagues are much more comfortable using separate physical hardware in such situations.