
Introducing ASA firewall to control traffic between VLANs

n_parshina
Level 1

Hello!

Although I've seen similar discussions, I'd like to request help in my particular scenario.

We have a data center with servers set up for different projects, some servers from partner companies and several small LANs. The traffic between all those needs to be controlled and firewalled. The servers and LANs are divided into different subnets and VLANs. Physically, their traffic is aggregated on a couple of 4506 and then sent to a FreeBSD server, where the logical gateways are set up and traffic is filtered between them.

The BSD server is dying and having it there is incorrect in the first place, so we are planning to replace it with two ASA (5520) in failover.

The question that arises is how to correctly implement firewalling between VLANs. Originally we thought to set up the firewalls in transparent mode and logically terminate VLANs on a stack of 3750 switches behind them, but would that filter the traffic between the VLANs? Then we thought to perhaps terminate the VLANs on the ASAs, use routing mode, and do filtering there, as well. Or should we implement multiple contexts? We have about 20 VLANs and all of them differ in rules of what should go there. None of this can be considered an "inside" - trusted - zone, nor "outside". Internet and external links are connected and filtered in a different place.

Could someone please explain and advise?

Thanks in advance.

5 Replies

paolo bevilacqua
Hall of Fame

Do you really need firewalls? Maybe Access Lists on the switch are enough.

Yes, that is absolutely necessary.

Then better to ask in Security forum, not here.

Thought this is more of an infrastructure question, but will try there, too.

When you have Firewalls as you said you need, it's a Security, not Infrastructure, matter.
