Yes, but as I described you have to first physically put the nic or nics in
the FW on each VLAN.  Whether it's a single nic using a trunking protocol or
multiple nics, you have to get the FW "on" each VLAN.  Once it's "on" each
VLAN you have to configure the FW with an IP address in each subnet that
will serve as the DG for that subnet.

-Kent


-----Original Message-----
From: Ken Chan [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 21, 2000 11:55 AM
To: Kent Hundley; 'joe'; [EMAIL PROTECTED]
Subject: RE: VLAN Dumb question


Can't you make the IP address of the firewall the gateway of each VLAN?

-Ken


At 11:12 AM 7/21/00 -0700, Kent Hundley wrote:
>If you're saying you want the devices on each VLAN to have to transit the FW
>to talk to each other, you have 2 choices:
>
>1) Install 1 nic in your FW for each VLAN, the IP address of the NIC becomes
>the DG for its respective VLAN
>
>2) Install a nic in your FW that supports VLAN trunking (Intel has these)
>and run a VLAN trunk between your switch and FW.  Each VLAN on the NIC will
>have a separate IP address which will be the DG for its respective VLAN.
>
>My preference is option 1.  You need more hardware, but it's more secure.
>It has been shown that a properly crafted packet can be made to hop from one
>VLAN to another without going through a DG.  This was done with 802.1q, so
>ISL may not have this flaw, but physical separation is always more secure
>than logical separation, and nics aren't very expensive.
>
>-Kent
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>joe
>Sent: Friday, July 21, 2000 9:50 AM
>To: [EMAIL PROTECTED]
>Subject: VLAN Dumb question
>
>
>Hi,
>I am a novice and I have a dumb question for you learned people ....
>
>I know how the vlans operate and how to configure them stuff ... But I
>seemed to be stumped by an issue here which I am not sure of. I have a
>firewall connecting through a 6000 switch. I need to configure this with
>three VLANs which cannot communicate with each other but they should be able
>to access the network. I have given them different network numbers and all
>that.... my question is
>what is the default gateway for these VLANs?
>
>
>joe
>
>
>___________________________________
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

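The addressing rule discussed in this thread (the firewall holds one IP address in each VLAN's subnet, and that address is the default gateway for the hosts on that VLAN) can be checked mechanically against a plan. The following is an added example, not part of the original thread; the VLAN IDs, subnets, interface names and host names are constructed, and the finding labels are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: VLAN IDs, subnets and interface names are made up.
FIREWALL = [
    {"if": "eth1", "vlan": 10, "addr": "192.168.10.1/24", "trunk": False},
    {"if": "eth2", "vlan": 20, "addr": "192.168.20.1/24", "trunk": False},
    {"if": "eth3.30", "vlan": 30, "addr": "192.168.30.1/24", "trunk": True},
]
HOSTS = [
    {"name": "hostA", "vlan": 10, "addr": "192.168.10.25/24", "gw": "192.168.10.1"},
    {"name": "hostB", "vlan": 20, "addr": "192.168.20.40/24", "gw": "192.168.10.1"},
    {"name": "hostC", "vlan": 30, "addr": "192.168.30.7/24", "gw": "192.168.30.1"},
    {"name": "hostD", "vlan": 40, "addr": "192.168.40.9/24", "gw": "192.168.40.1"},
]

def audit(firewall, hosts):
    """Return (code, subject) findings for a firewall-as-gateway VLAN plan."""
    findings = []
    fw_by_vlan = {}
    for nic in firewall:
        fw_by_vlan[nic["vlan"]] = ipaddress.ip_interface(nic["addr"])
        if nic["trunk"]:
            # Separation on a trunk is logical (802.1Q tags), not physical.
            findings.append(("logical-separation-only", nic["if"]))
    # Each VLAN needs its own subnet, or the firewall cannot route between them.
    for (v1, a), (v2, b) in combinations(sorted(fw_by_vlan.items()), 2):
        if a.network.overlaps(b.network):
            findings.append(("overlapping-subnets", f"vlan{v1}/vlan{v2}"))
    for h in hosts:
        fw = fw_by_vlan.get(h["vlan"])
        host = ipaddress.ip_interface(h["addr"])
        if fw is None:
            # The firewall has no interface on this VLAN, so it cannot be the DG.
            findings.append(("firewall-not-on-vlan", h["name"]))
        elif host.network != fw.network:
            findings.append(("host-outside-vlan-subnet", h["name"]))
        elif ipaddress.ip_address(h["gw"]) != fw.ip:
            # The host's default gateway is not the firewall's address here.
            findings.append(("gateway-is-not-firewall", h["name"]))
    return findings

if __name__ == "__main__":
    for code, subject in audit(FIREWALL, HOSTS):
        print(f"{code}: {subject}")
```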