What is the best practice for a security design: the use of an independent switch for every DMZ, or the use of a single core switch with high performance and port density, which I segment with a VLAN for every DMZ?
This very much depends on the security policy of your company. Many years ago it was common to have a separate switch for each DMZ, and if you're paranoid and have deep pockets then you can still do this.
It is now common to just use a central switch infrastructure and separate DMZs with VLANs.
When building DMZ switches, here are some ideas to keep them secure:
1) Make it a security policy that all VLANs on the switch are layer 2. This stops accidental routing between VLANs.
2) You can put your management VLAN interface into a separate VRF.
3) Ensure your native VLAN on trunks goes into an unused VLAN (to stop VLAN hopping).
Plus all the standard password and access control security. You can check this URL for some more ideas
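Added example, not part of the original answer: a small Python audit that checks a switch configuration against the three points above. It assumes Cisco IOS-style syntax and VLAN 999 as the unused native VLAN (neither is stated in the thread), reads point 1 as "no SVI carries an IP address unless it sits in a VRF", and runs on a constructed sample config.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumption: the thread names no platform).
SAMPLE_CONFIG = """\
vlan 999
 name UNUSED-NATIVE
interface Vlan10
 description DMZ-WEB
 ip address 192.0.2.1 255.255.255.0
interface Vlan20
 description DMZ-MAIL
 no ip address
interface Vlan900
 description MGMT
 vrf forwarding MGMT
 ip address 198.51.100.1 255.255.255.0
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet1/0/2
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a non-interface top-level command ends the block
    return interfaces

def audit(config, unused_native="999"):
    """Return (interface, finding) pairs for the three checks from the answer."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        has_ip = any(re.match(r"ip(v6)? address ", c) for c in cmds)
        in_vrf = any(c.startswith(("vrf forwarding ", "ip vrf forwarding ")) for c in cmds)
        if name.lower().startswith("vlan") and has_ip and not in_vrf:
            findings.append((name, "layer-3 SVI outside a VRF"))
        if "switchport mode trunk" in cmds:
            native = [c.split()[-1] for c in cmds if c.startswith("switchport trunk native vlan ")]
            if native != [unused_native]:
                findings.append((name, "trunk native VLAN is not the unused VLAN"))
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` flags `Vlan10` (a routed DMZ VLAN) and `GigabitEthernet1/0/2` (a trunk left on its default native VLAN); the management SVI passes because it is bound to a VRF.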