Hi,

As a rule of thumb, I disable DTP and change the native VLAN, as well as prune those VLANs from the rest of the internal network. I suppose you're right. :)

Christopher McGill
CCSE, CCSA, CCNA

On 3/18/07, sin <[EMAIL PROTECTED]> wrote:
Christopher McGill wrote:
> Hi Again,
>
> Also forgot to mention. They have a dedicated NIC for the DMZ, I am going
> to place all the DMZ bastion hosts on a dedicated switch and place an
> additional NIC in each enforcement point to connect to this. I am not
> thrilled about the previous setup with all the VLANs in terms of security as
> it is, no way am I placing the DMZ on physically the same device.
>
> The more I think about this setup, the more I am coming to the conclusion
> that the topology of the ClusterXL object is going to be nuts...
>
> Perhaps an L3 switch would be a better solution.. Maybe if I pick a lower
> spec server :)

probably you worry too much; there hasn't been in a very long time any exploit that would allow an attacker to do VLAN hopping on switches.

sin

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
