We have about 4 smaller networks (less than 250 nodes per VLAN) coming together in a 4006 switch. We allow or deny access using extended access lists in the 4006 switch. Lately the access lists have been growing and the administration is getting more and more.
I've been thinking about replacing the access lists in the 4006 switch with a firewall where the different VLANs will be terminated.
Can somebody give me some recommendations? Is there some kind of rule of thumb for this kind of thing? Like having x amount of VLANs then a firewall should be implemented?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...