
best practices wiring up a firewall

DannyHuston
Level 1

It used to be, and I still think it is, that you always have physical separation of trusted and untrusted traffic (so a common switch for outside interfaces to plug into, and where your circuits could plug into if Ethernet handoff etc., and a switch for inside interfaces, be it your cores / whatever). Nowadays more and more designs I see are showing both the outside and inside interfaces of firewalls plugged into the same switch and use VLANs to separate traffic out. What are people's thoughts about this?

1 Reply

Jouni Forss
VIP Alumni

Hi,

I guess it depends on the actual location of the firewall.

Usually in the datacenter environment where the firewalls are connected to core devices, both WAN and LAN are connected to the same physical device. There might simply be several trunk interfaces to the core or perhaps an EtherChannel used as a trunk to the core. Actual networks/routing is separated by both VLANs and VRFs.

On the other hand, on customer premises the firewalls are usually connected on the LAN side to the customer core and on the WAN side to the device that provides the WAN connectivity. Sometimes it could be something as simple as an xDSL modem and sometimes it might be an L3 switch handing both the WAN and separate external connections to remote sites or resources.

- Jouni
