05-18-2010 02:44 AM - edited 03-06-2019 11:08 AM
Hi guys,
A couple of questions, please:
1) Why do we dedicate a switch for the outside?
2) Why do we dedicate a switch for the DMZ?
Please, I am looking for an explanation.
05-18-2010 02:50 AM
Ali
You don't have to dedicate switches, i.e. you can run the outside/DMZ/inside on the same switch if you want, but physical separation is always better. If you run them on the same switch then you are relying on VLANs to keep everything separate, and one misconfiguration or bug could allow traffic to bypass your firewall.
Having said that, generally speaking I would be comfortable with having the DMZ and inside on the same switch as long as all security measures have been applied to the switch, e.g. don't use VLAN 1 etc., but I would still want a separate switch for the outside. But if I had the budget/switches I would always go with separate switches for an internet-facing setup.
For a data centre setup where you are firewalling your servers from your internal users, you do not have to be so strict, and indeed if you are using the FWSM in a 6500 chassis you end up with your outside/DMZs/inside on the same 6500 chassis anyway.
Jon
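An added example, not part of Jon's reply and not Cisco tooling: a small audit of an IOS-style switch config for the kind of misconfiguration that weakens VLAN separation when outside, DMZ and inside share one switch. The sample config, the VLAN-to-zone plan (10/20/30) and the function name `audit` are constructed assumptions.

```python
import re

# Constructed sample config for one switch carrying all three firewall zones.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet0/4
 switchport mode trunk
!
"""

ZONES = {10: "outside", 20: "dmz", 30: "inside"}  # assumed VLAN-to-zone plan

def audit(config, zones=ZONES):
    """Return (interface, finding) pairs for ports that weaken VLAN separation."""
    findings = []
    # Split the config into one text block per "interface ..." stanza.
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        head = re.match(r"interface (\S+)", block)
        if not head:
            continue
        name = head.group(1)
        if re.search(r"^\s*switchport mode trunk", block, re.M):
            native = re.search(r"trunk native vlan (\d+)", block)
            if not native or native.group(1) == "1":  # unset native VLAN is 1
                findings.append((name, "trunk native VLAN is 1"))
            if not re.search(r"trunk allowed vlan", block):
                findings.append((name, "trunk carries every VLAN"))
        else:
            vlan = re.search(r"switchport access vlan (\d+)", block)
            vid = int(vlan.group(1)) if vlan else 1  # unset access VLAN is 1
            if vid == 1:
                findings.append((name, "access port in VLAN 1"))
            elif vid not in zones:
                findings.append((name, f"VLAN {vid} not in zone plan"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Ports with no `switchport mode` line are treated as access ports here, which is a simplification of this example.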
05-18-2010 03:14 AM
As suggested by Jon, we never dedicate switches for outside or DMZ; we can achieve the same task with a single switch also. But with network design and future capacity planning, bandwidth and application usage, and redundancy in mind, designers used to have separate switches for each segment, like outside or DMZ.
Switches are dedicated with reference to server capacity and the traffic flowing in and out from servers in the network. So basically, to have redundancy, to overcome a single point of failure and to have high performance, we used to have separate switches with separate segments.
Hope to help !!
Ganesh.H
05-18-2010 03:25 AM
Ganesh
As Suggested by Jon we never dedicate switches for Outside or DMZ
This isn't actually what I said. I said that you can use the same switch for outside and DMZ and inside but that it was less secure than using separate switches. For a DC environment it may be more acceptable, but for an internet-facing setup I would still recommend at least a separate switch for the outside and, if you have it, a separate switch(es) for the DMZ.
Jon
05-18-2010 03:29 AM
Jon,
It was my typo error; actually we can use the same switch, which you have already stated in your thread...
Ganesh.H
05-18-2010 06:11 AM
Thanks a lot, guys.
By the way Jon, congratulations on your new gold star beside your name.
Thanks