Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
881
Views
0
Helpful
2
Replies

layer 2 firewalls

daddum61
Level 1
Level 1

‎05-01-2020 12:44 PM

not sure if best to post this here or security

 

I have customer that has a large layer 2 network, basically its a fibre ring with 25 sites

each site has a switch, and there are a number of VLAN's running over the network.

Rapid Spanning Tree is on the ring

the whole system is a critical network, but not really high bandwidth.

The customer has decided that he want to install a firewall on each of the 25 sites, and i suggested that we just drop in layer 2 firewalls, and keep the existing network addresses the same

But i did wonder, am i better migrating the whole thing to a layer 3 network ?

the existing VLAN's have different priorities and the number of devices on each site less than 20, but there are 25 sites spread over a very large area, the fibre ring is around 120miles long

 

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎05-01-2020 01:07 PM

You can install FW in Transparent mode keep exiting network intact.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/intro-fw.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

gerardothink
Level 1
Level 1

‎05-01-2020 09:39 PM

I would not use firewalls if the sites are not going to the internet, firewalls are not intended to be use to do hardcore routing, that is why you have routers or L3 Switches, you have to be very careful service policy if you use them to route.

0 Helpful
Top