Solved: Re: InternVLAN rules on PIX506

alig.norbert · ‎06-06-2008

Hi all,

I need to build up a DMZ with a PIX506. My idea is to make a trunk between PIX and switch, assign a VLAN for the DMZ.

Mi question is, can PIX506 handle firewall-rules between the VLAN's (internal <-> dmz)?

Thank's,

Norbert

Jon Marshall · ‎06-06-2008

Norbert

Not sure what you are asking here. The 506E supports up to 2 vlans on an interface so you can do what you want. Each vlan interface is treated as a physically separate interface in terms of security levels/access-lists etc.

So if you have an inside and a DMZ on the same interface you can apply separate access-lists to each interface.

Does this answer your question ?

Jon

View solution in original post

Jon Marshall · ‎06-06-2008

Norbert

Not sure what you are asking here. The 506E supports up to 2 vlans on an interface so you can do what you want. Each vlan interface is treated as a physically separate interface in terms of security levels/access-lists etc.

So if you have an inside and a DMZ on the same interface you can apply separate access-lists to each interface.

Does this answer your question ?

Jon

alig.norbert · ‎06-06-2008

Jon

Thank's for the answer.

Yes I want to control the traffic between DMZ (VLAN-xx)<-> inside (VLAN-yy) over the PIX.

Greets,

Norbert