Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
822
Views
10
Helpful
5
Replies

dmz

bluesea2010
Level 5
Level 5

‎04-26-2022 04:16 AM

 

Hi ,

I don't have a physical switch for dmz .Now If I want to  share the same  inside network switch ,what is the solution 

Thanks

 

 

 

 

5 Replies 5

Rob Ingram
VIP
VIP

‎04-26-2022 04:19 AM - edited ‎04-26-2022 04:20 AM

@bluesea2010 it's not generally advisable, but if you needed to do it configure the interfaces of the DMZ VLANs and servers in a separate VRF. Which will isolate the routing, traffic would be routed via the Firewall, which would permit/deny traffic accordingly.

0 Helpful

Karsten Iwen
VIP
VIP

‎04-26-2022 04:20 AM

If the infrastructure is not separate, the minimum separation is by VLANs. Depending on your implementation, also VRFs can be used to separate the data.

0 Helpful

bluesea2010
Level 5
Level 5
In response to Karsten Iwen

‎04-26-2022 12:55 PM

Hi @Karsten Iwen  @Flavio Miranda  @Rob Ingram  @MHM Cisco World 

 

switch model is nexus 9k

Dmz.JPG

Planning to do  dmz on dc firewall .?

 ,How the physical connection should be . ?

What If I have spine and leaf with border leaf ?.I want to run dmz  in the same  boarder leaf 

Thanks 

 

 

 

 

Flavio Miranda
VIP
VIP

‎04-26-2022 04:25 AM

The solution depends on the switch model and version you have.  Can you tell please?

0 Helpful

MHM Cisco World
VIP
VIP

‎04-26-2022 04:29 AM - edited ‎04-26-2022 04:51 AM

na850301.jpg

DMZ have subinterface in FW
Inside have different Subinterface in FW 

SW have two different VLAN for each DMZ and Inside.

keep notice that FW will be the GW for both these VLAN

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card