design issue - vlans or separate hubs on the external interfaces
We are designing a new setup with a PIX515 firewall and failover. One Internal interface with the application servers on; several external interfaces to separate customer networks, connected via fibre or a router connection.
Due to the failover setup, we need to put in a hub or switch between each customer's WAN connection and their interface to the PIX. That means we need to purchase 3 hubs, one for each customer. To provide reasonable service, we should make those manageable hubs.
The alternative is to put in a good switch and split it up into 3 VLANs. This would be administratively easier all round. Previously I've shied away from this as I consider the VLANs and Cisco Switch to be a point of lower security, which could easily (in comparison to the PIX Firewall) be compromised. But I'd like a second opinion.
I would like some feedback from others on what their thoughts are...VLANs or separate hubs?
Re: design issue - vlans or separate hubs on the external interf
By using VLANs, you rely on a layer 2 solution for your security implementation. I would definitely recommend using separate hubs/switches. You also should be careful with configuring these hubs/switches for management purposes. Generally you want to keep these boxes as dumb as possible (from a manageability perspective). Allowing remote access or SNMP could result in a compromised switch/hub.
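The reply's advice to keep the hub or switch free of remote access and SNMP can be checked against a saved configuration. The following is an added example, not part of the original thread: it assumes Cisco IOS-style configuration syntax, and the sample config, hostname and function name are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style switch running-config (not from the thread).
SAMPLE_CONFIG = """\
hostname edge-sw1
no ip http server
ip http secure-server
snmp-server community public RO
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
line con 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input none
"""

def audit_management_plane(config: str) -> list[str]:
    """Return findings for remote-management features enabled in the config."""
    findings = []
    section = ""  # current top-level block, e.g. "line vty 0 4"
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):
            section = line
            if re.match(r"snmp-server community \S+", line):
                mode = "read-write" if re.search(r"\bRW\b", line) else "read-only"
                findings.append(f"SNMP community configured ({mode})")
            elif re.match(r"ip http (secure-)?server$", line):
                findings.append(f"web management enabled: {line}")
            continue
        # Indented sub-command: interpret it in the context of its section.
        sub = line.strip()
        if section.startswith("line vty") and sub.startswith("transport input"):
            protocols = sub.split()[2:]
            if protocols != ["none"]:
                findings.append(f"{section}: remote login via {', '.join(protocols)}")
        elif section.startswith("interface Vlan") and sub.startswith("ip address"):
            findings.append(f"{section}: management IP {sub.split()[2]}")
    return findings

if __name__ == "__main__":
    for finding in audit_management_plane(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

A vty line with no explicit `transport input` is not flagged here, because its default depends on the platform and software version; review those lines by hand.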