I have a Cisco Catalyst 4506 Series switch and a Sonicwall firewall. The firewall has 2 ports, one for the LAN and the other for a DMZ. Could I set up a VLAN on the switch to divide the LAN and DMZ traffic from the firewall so I do not need another switch? Would this be a good idea, or is there something I am missing?
There are pros and cons to doing this. In short yes you can do this and provided you were careful with your configuration it would provide a decent level of security.
1) Firstly you need to get rid of Vlan 1. Get rid in that you do not use it for any type of traffic. If you currently manage your switch off vlan 1 or have users on it, migrate them off it and use a different vlan for management. In addition, if you are using trunks in your network, make the native vlan something other than vlan 1.
2) Obviously you will need to make sure that there is no layer 3 SVI for the DMZ and that it is only routed off the Sonicwall.
3) Have a quick read up on vlan hopping which may or may not make you think twice about using the same switch.
I have worked at places where they have used a 4500 to create all the DMZ interfaces but then a separate switch for the internal network. I would feel relatively comfortable with this, but I would think twice about your setup as a configuration mistake could be quite serious.
I have also worked at sites where their level of security dictated separate switches for each DMZ.
In the end it comes down to what you are trying to protect and the likelihood of someone wanting to get to it.
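Added example (not from the original answer): a Catalyst 4500 IOS configuration that applies the three points above, retiring VLAN 1, moving management and the trunk native VLAN elsewhere, giving the DMZ VLAN no SVI so it is routed only on the Sonicwall, and pinning down access and trunk ports so a host cannot negotiate a trunk. VLAN numbers, port numbers and the 10.0.10.0/24 management address are assumptions chosen for illustration.

```cisco
! Constructed example for a Catalyst 4506; VLAN ids, slots and addresses are assumed
vlan 10
 name MGMT
vlan 20
 name LAN
vlan 30
 name DMZ
vlan 999
 name NATIVE_UNUSED
!
! Tag the native VLAN on trunks so double-tagged frames are not stripped into VLAN 1
vlan dot1q tag native
!
! Point 1: VLAN 1 carries no traffic and is not the management interface
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description Switch management (assumed address)
 ip address 10.0.10.2 255.255.255.0
!
! Point 2: no "interface Vlan30" exists; the DMZ is layer 2 only on this switch
!
interface GigabitEthernet1/1
 description Sonicwall LAN port (assumed slot/port)
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast
!
interface GigabitEthernet1/2
 description Sonicwall DMZ port (assumed slot/port)
 switchport mode access
 switchport access vlan 30
 switchport nonegotiate
 spanning-tree portfast
!
! Point 3: trunks use an unused native VLAN and carry only the VLANs they need
interface GigabitEthernet2/1
 description Uplink trunk to another switch (assumed)
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
! Every edge port is a hard access port; DTP is off so a host cannot become a trunk
interface range GigabitEthernet3/1 - 48
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
```

Check the result with "show vlan brief" (no ports left in VLAN 1), "show interfaces trunk" (native VLAN 999, allowed list only 10,20) and "show ip interface brief" (no Vlan30 SVI).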