Firewall Wizards mailing list archives
RE: DMZ - the physical layer
From: Carl Friedberg <friedberg () exs esb com>
Date: Sat, 18 Mar 2000 03:13:21 -0500
The use of VLAN's at the border doesn't make sense to me, but I've never had the situation come up. The first thought to cross my mind: this configuration (multiple separate LANS off a firewall, e.g. a web (DMZ) net; a business-partner's net, and the variou corporate nets; couldn't pass a serious security audit without physically separate wiring. That's just my off-the-top-of-the-head assessment, but I wouldn't propose this. VLANs are fine for performance optimizations, but I wouldn't suggest using them for securing a perimeter. Just my 2 cents. I'm not familiar with NetGear; I wouldn't try it with Cabletron (formerly DEC) or HP ProCurves; but those are pretty cheap (24 ports around $1,200 or so) Carl () comets com -----Original Message----- From: fernando_montenegro () hp com [mailto:fernando_montenegro () hp com] Subject: RE: [fw-wiz] DMZ - the physical layer
1) Using separate hubs/switches for each subnet in your firewall LANs: Cons - Adds complexity to hardware needs, such as extra rack space, extra
power
outlets, ...
seems pretty minor
- Makes changes to a LAN (such as adding servers to the web farm)
harder I don't see it as being much harder if you plan for some expansion on your switches
- Makes a more resilient (not HA) configuration harder: more
individual
components to duplicate
well, with meshing/spanning tree, etc., I'm not sure I buy that either
Current thread:
- DMZ - the physical layer John White (Mar 12)
- Re: DMZ - the physical layer Aaron D. Turner (Mar 17)
- Re: DMZ - the physical layer Bennett Todd (Mar 21)
- Re: DMZ - the physical layer Doug Fajardo (Mar 21)
- <Possible follow-ups>
- RE: DMZ - the physical layer fernando_montenegro (Mar 17)
- RE: DMZ - the physical layer Ben Nagy (Mar 21)
- RE: DMZ - the physical layer aturner (Mar 23)
- RE: DMZ - the physical layer Carl Friedberg (Mar 21)
- Re: DMZ - the physical layer Aaron D. Turner (Mar 17)