Firewall placement on which vlan

bmehdi · ‎07-12-2004

Hi ,

if following is the scenario

server vlan

|

internet router--firewall-L3 switch-router run ospf

|

workstation vlan

which vlan should the firewall be member of ? a separate Vlan ? if a separate vlan will the l3 intervlan work.

is it advisable to enter a default route pointing to the firewall at L3 switch and for a routing in private wan enable ospf ?

thanks will appreciate the help.if any one has link of a document on this please let me know.

bmehdi · ‎07-12-2004

server vln and workstation vlan are on l3 switch

sachin · ‎07-12-2004

You are Right. All your Internet traffic should flow via firewall. So default gateway on L3 switch should point to firewall. Now keeping above topology in view , your firewall and L3 switch should have same VLAN.

Now in which VLAN you should keep firewall is - matter of security. If you want these two ports fully secure , create one more VLAN and put these two port in that VLAN ( definitely you have to create virtual interface on L3 switch for this VLAN ). This will protect your firewall from all broadcast and unnecessary traffic too.

yipn · ‎07-12-2004

Preferable to use routed port if the L3 switch run native IOS, or a separate VLAN if CatOS is used.

Yes, using default route pointing to firewall and OSPF for internal network is quite a common way.

bmehdi · ‎07-12-2004

you mean i shud use two routed ports , one of l3 with firewall and other of l3 with my router

yipn · ‎07-12-2004

yes