I’m using Cisco Configuration Assistant (CCA) v3.2.3 to create a Server VLAN 300 and a Guest VLAN 400 on a Cisco UC500.
When I go to: Configure > Security > Firewall and DMZ > Firewall tab there are two sections on the screen.
On the left there is: “Outside (untrusted) Interface” which only has Dialer0 (fastEthernet0/0) listed.
On the right there is: “Inside (trusted) Interface” which has Loopback0 ticked, VLAN 1 (default) ticked, VLAN 100 (voice) ticked, VLAN 300 and VLAN 400.
We want the Guest VLAN to be protected from the Internet via firewall.
Also, the Guest VLAN is definitely “Inside” because it is not an outside interface. But we do not trust it amongst other VLANs, e.g. Server VLAN 300.
Question 1: Should the Guest VLAN be ticked (selected) as “Inside (trusted) Interface” or unselected?
Question 2: If it is not ticked (unselected) as “Inside (trusted) Interface”, will the Guest VLAN be more vulnerable to Internet attacks?