I have the following network design, as below. I would like to know if there are any security constraints or issues with the traffic hitting the 4510 switch before the firewall and then going back to the 4510 switch.
router (layer 3) ---(trunk)--- cisco3750 (switch port) ---(switch port access)--- cisco4510-module1 (trunk) ---(layer 3 sub-int)--- FW (layer 3) ---(layer 3)--- 4510-module-2
Thanks for the information. But would there be any security concern that you might foresee?
No, other than the fact that you are using the same physical switch, so there is always a chance of misconfiguration which could cause you security issues. There have been quite a few discussions on the pros and cons of having separate physical switches versus using a chassis-based switch and using VLANs to segregate.
Using physical switches will pretty much always be more secure but it's perfectly acceptable to use a modular switch for this. As Mohamed said though, you cannot protect the 4500 chassis as well as if it was entirely behind the firewall.
If you do use the switch in this way, then make sure you lock it down as much as possible. Certainly you need to look at the basics, such as not using VLAN 1 for any switchports/management etc. In case you haven't seen it, here is a good paper on VLAN security. It's for the 6500 but most of it will be relevant for the 4500 -
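As an added illustration of the lock-down advice above (this is not configuration posted by anyone in the thread), here is a Cisco IOS-style fragment for the 4510 in the design in question. It keeps VLAN 1 off every switchport, trunk and management interface; the VLAN numbers, slot/port names (module 1 assumed to be slot 3) and the management address are all assumptions.

```cisco
! Added example, not from this thread. Dedicated VLANs: outside (router-facing)
! side of the firewall, management, and an unused VLAN for trunk native.
! All numbers below are assumed values.
vlan 10
 name OUTSIDE-TO-FW
vlan 50
 name MGMT
vlan 999
 name NATIVE-UNUSED
!
! Management SVI lives in its own VLAN, never VLAN 1; VLAN 1's SVI stays shut.
interface Vlan1
 shutdown
interface Vlan50
 description Management (assumed address)
 ip address 192.0.2.10 255.255.255.0
!
! Module 1 trunk toward the firewall's layer 3 sub-interfaces: explicit allowed
! list (VLAN 1 excluded), unused native VLAN so nothing rides the trunk untagged,
! and DTP negotiation disabled.
interface GigabitEthernet3/1
 description Trunk to FW outside sub-interfaces
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10
!
! Access port from the 3750 (outside of the firewall): pinned to VLAN 10,
! not left in the default VLAN 1.
interface GigabitEthernet3/2
 description Outside link from 3750
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
!
! Unused ports on the module: parked in the unused VLAN and shut down.
interface range GigabitEthernet3/3 - 48
 switchport mode access
 switchport access vlan 999
 shutdown
```

Verify the result with `show interfaces trunk` (native and allowed VLANs per trunk) and `show vlan brief` (no active ports in VLAN 1).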
What is the reason for placing the FW physically between modules 1 and 2?
The 1st module is exposed to traffic attacks and not protected by the FW; the best approach is to have the FW placed in front of module 1.