10-31-2003 09:54 AM - edited 03-02-2019 11:24 AM
Hello All:
Have a question regarding VLANs. I'm running 2 SonicWalls, each with its own DMZ. I would like to expand the DMZ on each FW without purchasing 2 separate switches.
I have a Cisco 1900 series switch and was wondering: if I create 2 VLANs, one for each DMZ, will this afford me the same security as if each were on its own switch?
thanks
10-31-2003 10:56 AM
Yes it will.
11-02-2003 05:30 PM
Thanks
10-31-2003 05:39 PM
There isn't a simple answer to this question. In general, it's a bad idea to rely on VLANs in and of themselves for security. There have been so-called "VLAN hopping" attacks in the past, particularly on older switches, in which it was possible to send specially crafted packets between VLANs on layer-2 switches.
I haven't heard of any vulnerabilities like this lately, but I think the above points out the importance of keeping in mind that VLANs weren't designed to provide security. If the security requirements between your two DMZs are high, then I think you absolutely want firewalling capability in between them (i.e., 1 switch per firewall in your case). If on the other hand inter-DMZ traffic isn't a big concern, then 2 VLANs on 1 switch may be a good way to save some money.
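As an added illustration (not from any poster in this thread) of the "keep the VLANs from being your only control" point above, here is a weak port configuration beside a hardened one in IOS-style Catalyst syntax; it assumes a modern IOS-based switch rather than the Catalyst 1900's menu CLI, and the VLAN and port numbers are placeholders.

```text
! Assumed layout: VLAN 10 = DMZ behind firewall A, VLAN 20 = DMZ behind
! firewall B, VLAN 999 = empty "parking" VLAN (also the native VLAN on any
! trunk). Port numbers and VLAN IDs are placeholders, not from the thread.
!
! --- Weak: port left at its DTP default ---
! A host on this port can negotiate the link into a trunk and then tag
! frames for either DMZ VLAN; native VLAN 1 is shared with everything.
interface FastEthernet0/1
 switchport mode dynamic desirable
 switchport access vlan 10
!
! --- Hardened: fixed access ports, DTP off, nothing shared between DMZs ---
vlan 10
 name DMZ-A
vlan 20
 name DMZ-B
vlan 999
 name UNUSED-PARKING
!
interface range FastEthernet0/1 - 8
 description DMZ-A (firewall A DMZ interface + DMZ A hosts)
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface range FastEthernet0/9 - 16
 description DMZ-B (firewall B DMZ interface + DMZ B hosts)
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
!
! Unused ports: parked in a VLAN with no members and shut down.
interface range FastEthernet0/17 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
!
! This design needs no trunk at all. If one is ever added (e.g. an uplink to
! a second switch), pin it and keep the native VLAN off both DMZ VLANs:
! interface GigabitEthernet0/1
!  switchport mode trunk
!  switchport trunk native vlan 999
!  switchport trunk allowed vlan 10,20
!  switchport nonegotiate
```

Even with these settings, the switch only keeps the two DMZs apart at layer 2; as the reply says, traffic that must be filtered between them still needs a firewall in the path.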
11-02-2003 05:32 PM
Thanks. This was a big help.