10-16-2008 09:46 AM - edited 03-11-2019 06:58 AM
Hi, if I create VLANs on the FW and configure the same VLANs on the switch, which one would be the better option as far as security is concerned: switch or FW? Thanks.
10-16-2008 10:45 AM
It's better to have VLANs configured on the FW
a) The FW treats a VLAN on itself just like another logical interface
b) It will not allow traffic to flow across this VLAN/interface unless you have ACLs and translation in place; also, only traffic for which there is a valid connection would be allowed to this VLAN
c) A switch does not have a stateful nature/security, which means if there is inter-VLAN routing enabled on this switch the packet would start flowing to/from this "VLAN" unless you have VACLs blocking this traffic, which again is only L3 security but no statefulness
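The contrast between points b) and c), as an added example that is not part of the original thread: a simplified Python model comparing a per-packet filter of the VACL kind with a connection-tracking firewall. The VLAN numbers, addresses, ports and rules are constructed for illustration and do not reproduce any particular device's behaviour.

```python
from collections import namedtuple

# Constructed packet model: only the header fields an L3/L4 filter inspects.
Packet = namedtuple("Packet", "src_vlan dst_vlan src_ip sport dst_ip dport flags")

def stateless_permit(pkt):
    """VACL-style filter: every packet is judged alone, by header fields only.
    Rule 1: VLAN 10 (users) may reach VLAN 20 (servers) on tcp/443.
    Rule 2: anything sourced from tcp/443 in VLAN 20 may return to VLAN 10."""
    if pkt.src_vlan == 10 and pkt.dst_vlan == 20 and pkt.dport == 443:
        return True
    if pkt.src_vlan == 20 and pkt.dst_vlan == 10 and pkt.sport == 443:
        return True
    return False

class StatefulFirewall:
    """Firewall-style filter: the ACL is consulted only for a new connection (SYN);
    every other packet must match an entry in the connection table."""
    def __init__(self):
        self.conns = set()

    def permit(self, pkt):
        key = (pkt.src_ip, pkt.sport, pkt.dst_ip, pkt.dport)
        reverse = (pkt.dst_ip, pkt.dport, pkt.src_ip, pkt.sport)
        if key in self.conns or reverse in self.conns:
            return True  # belongs to a connection the ACL already allowed
        if (pkt.flags == "S" and pkt.src_vlan == 10
                and pkt.dst_vlan == 20 and pkt.dport == 443):
            self.conns.add(key)  # same policy as Rule 1, but it creates state
            return True
        return False  # no matching connection, no permitting rule

def compare():
    """Return {packet name: (stateless verdict, stateful verdict)}."""
    syn = Packet(10, 20, "10.0.10.5", 50000, "10.0.20.8", 443, "S")
    reply = Packet(20, 10, "10.0.20.8", 443, "10.0.10.5", 50000, "SA")
    # No host in VLAN 10 opened this flow; it merely carries source port 443.
    unsolicited = Packet(20, 10, "10.0.20.8", 443, "10.0.10.77", 3389, "S")
    fw = StatefulFirewall()
    packets = [("syn", syn), ("reply", reply), ("unsolicited", unsolicited)]
    return {name: (stateless_permit(p), fw.permit(p)) for name, p in packets}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The return-traffic rule that a stateless filter needs also admits the unsolicited packet, while the connection table rejects it because no matching connection exists.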
10-16-2008 11:47 AM
Thanks!!