Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
4
Replies

VLAN Question

js358
Level 1
Level 1

‎10-31-2003 09:54 AM - edited ‎03-02-2019 11:24 AM

Hello All:

Have a question regarding VLANS. I'm running 2 sonicwalls each with their own DMZ. I would like to expand the DMZ on each FW without purchasing 2 seperate switches.

I have a cisco 1900 series switch and was wondering if I create 2 VLANS, one for each DMZ, will this afford me the same security as if each were on their own switch.

thanks

Labels:
0 Helpful
4 Replies 4

mark-obrien
Level 4
Level 4

‎10-31-2003 10:56 AM

Yes it will.

0 Helpful

js358
Level 1
Level 1
In response to mark-obrien

‎11-02-2003 05:30 PM

Thanks

0 Helpful

tbaranski
Level 4
Level 4

‎10-31-2003 05:39 PM

There isn't a simple answer to this question. In general, it's a bad idea to rely on VLANs in of themselves for security. There have been so-called "VLAN hopping" attacks in the past, particularly on older switches, in which it was possible to send specially-crafted packets between VLANs on layer-2 switches.

I haven't heard of any vulnerabilities like this lately, but I think the above points out the importance of keeping in mind that VLANs weren't designed to provide security. If the security requirements between your two DMZs are high, then I think you absolutely want firewalling capability in between them (i.e., 1 switch per firewall in your case). If on the other hand inter-DMZ traffic isn't a big concern, then 2 VLANs on 1 switch may be a good way to save some money.

0 Helpful

js358
Level 1
Level 1
In response to tbaranski

‎11-02-2003 05:32 PM

Thanks. This was a big help.

0 Helpful
Customers Also Viewed These Support Documents