If you're saying you want the devices on each VLAN to have to transit the FW
to talk to each other, you have 2 choices:
1) Install 1 NIC in your FW for each VLAN; the IP address of the NIC becomes
the DG for its respective VLAN
2) Install a NIC in your FW that supports VLAN trunking (Intel has these)
and run a VLAN trunk between your switch and FW. Each VLAN on the NIC will
have a separate IP address which will be the DG for its respective VLAN.
My preference is option 1. You need more hardware, but it's more secure. It
has been shown that a properly crafted packet can be made to hop from one
VLAN to another without going through a DG. This was done with 802.1q, so
ISL may not have this flaw, but physical separation is always more secure
than logical separation, and NICs aren't very expensive.
-Kent
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
joe
Sent: Friday, July 21, 2000 9:50 AM
To: [EMAIL PROTECTED]
Subject: VLAN Dumb question
Hi,
I am a novice and I have a dumb question for you learned people ....
I know how the vlans operate and how to configure them stuff ... But I
seemed to be stumped by an issue here which I am not sure of. I have a
firewall connecting through a 6000 switch. I need to configure this with
three VLANS which cannot communicate with each other but they should be able
to access the network. I have given them different network numbers and all
that.... my question is
what is the default gateway for these VLANS?
joe
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]