10-16-2008 09:46 AM - edited 03-11-2019 06:58 AM
Hi, if I create VLANs on the FW and configure the same VLANs on the switch, which one would be the better option as far as security is concerned: switch or FW? Thanks.
10-16-2008 10:45 AM
It's better to have the VLANs configured on the FW:
a) The FW treats a VLAN on itself just like another logical interface.
b) It will not allow traffic to flow across this VLAN/interface unless you have ACLs and translation in place; also, only traffic for which there is a valid connection would be allowed to this VLAN.
c) The switch does not have a stateful nature/security, which means that if inter-VLAN routing is enabled on this switch, packets would start flowing to/from this "VLAN" unless you have VACLs blocking this traffic, which again is only L3 security with no statefulness.
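Added example, not part of the original posts and not vendor code: a simplified Python model of the difference described in the answer above, comparing a stateless address/port filter (the kind of check a VACL performs) with a stateful filter that tracks connections. The subnets, host addresses, ports and function names are constructed assumptions for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    syn_only: bool  # True only for the first packet of a TCP handshake

# Constructed policy: the users VLAN may open HTTPS to one server in the server VLAN.
USERS = ipaddress.ip_network("10.0.10.0/24")
SERVER = ipaddress.ip_address("10.0.20.5")

def is_request(p):
    return (ipaddress.ip_address(p.src) in USERS
            and ipaddress.ip_address(p.dst) == SERVER and p.dport == 443)

def is_reply_shaped(p):
    return (ipaddress.ip_address(p.src) == SERVER and p.sport == 443
            and ipaddress.ip_address(p.dst) in USERS)

def stateless_permit(p):
    # A stateless filter must permit anything that looks like a reply,
    # because it has no record of which connections were actually opened.
    return is_request(p) or is_reply_shaped(p)

class StatefulFilter:
    def __init__(self):
        self.conns = set()  # (client, client port, server, server port)

    def permit(self, p):
        if is_request(p):
            if p.syn_only:
                self.conns.add((p.src, p.sport, p.dst, p.dport))
                return True
            return (p.src, p.sport, p.dst, p.dport) in self.conns
        # Anything else passes only as the return half of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.conns

def compare(packets):
    fw = StatefulFilter()
    return [(stateless_permit(p), fw.permit(p)) for p in packets]

TRAFFIC = [  # constructed sample packets
    Packet("10.0.10.7", 51000, "10.0.20.5", 443, True),   # client opens connection
    Packet("10.0.20.5", 443, "10.0.10.7", 51000, False),  # genuine reply
    Packet("10.0.20.5", 443, "10.0.10.9", 40000, False),  # reply-shaped, no connection
    Packet("10.0.10.7", 51001, "10.0.20.5", 443, False),  # mid-stream packet, no handshake
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, "stateless:", stateless, "stateful:", stateful)
```

The last two packets match the stateless rules on addresses and ports alone, while the stateful filter drops them because no tracked connection exists for them.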
10-16-2008 11:47 AM
Thanks!!