06-26-2023 05:30 AM
Hi to all and hope you have a wonderful day
As the title says, we have a VLAN for unprotected devices to access the internet. This VLAN is accessing the internet through the core switch directly, and this VLAN cannot see other networks thanks to an ACL.
Is this considered safe? Is there any risk of this VLAN seeing other internal networks and VLANs?
And thanks
06-26-2023 05:40 AM
Access directly? I don't think so, there must be a NATing device that NATs the VLAN's private IPs to a public IP.
And is it secure? NO, you need a FW or ZFW to secure your access to the internet.
06-26-2023 06:35 AM
Hi
If you can install a firewall and create a DMZ, that would be a better solution. If not, and if your core supports VRF, you could create a VRF, which can be better than an ACL.
The risk you may face is that if one of these devices gets infected, this could spread on your network.
06-26-2023 06:43 AM
Hello @mindy6,
totally agree with @Flavio Miranda.
Consider implementing a firewall between the unprotected VLAN and the rest of the internal networks. This adds an additional layer of security by inspecting and filtering traffic based on defined rules and policies. On the other hand, implementing a VRF instance can provide an additional layer of isolation and security for the VLAN containing unprotected devices. VRFs allow you to create separate routing tables and address spaces within a single physical network infrastructure.
By combining VRFs with VLANs and other security measures like ACLs, firewalls (zone based), you can create a more robust and secure network infrastructure.
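To make the ACL and VRF options discussed in this thread concrete, here is an added configuration sketch for a generic Cisco IOS-style core switch; it is not from any post above, and the VLAN number, addresses, names and next hop are assumed. It shows the ACL approach the original poster describes, with the deny entries that must cover all internal address space before the final permit, beside a VRF-lite approach in which the guest routing table simply has no internal prefixes to reach.

```cisco
! --- Option A: ACL applied inbound on the guest SVI ---
! Assumed: guest VLAN 50, subnet 10.50.0.0/24.
! The deny list must cover every internal range, including VLANs
! added later; anything not denied falls through to the final permit.
ip access-list extended GUEST-OUT
 remark Allow DNS to the internal resolver only (assumed 10.1.0.53)
 permit udp 10.50.0.0 0.0.0.255 host 10.1.0.53 eq 53
 remark Block all RFC 1918 space, i.e. every other internal VLAN
 deny   ip 10.50.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 10.50.0.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 10.50.0.0 0.0.0.255 192.168.0.0 0.0.255.255
 remark Everything else is the internet (via the NAT device)
 permit ip 10.50.0.0 0.0.0.255 any
!
interface Vlan50
 description GUEST-UNPROTECTED
 ip address 10.50.0.1 255.255.255.0
 ip access-group GUEST-OUT in
!
! --- Option B: VRF-lite, the guest VLAN gets its own routing table ---
! The GUEST table knows only its own subnet and a default route toward
! the NAT/firewall (assumed next hop 203.0.113.1). Internal prefixes
! are not present, so a new internal VLAN is unreachable by default.
vrf definition GUEST
 address-family ipv4
 exit-address-family
!
interface Vlan50
 description GUEST-UNPROTECTED
 vrf forwarding GUEST
 ip address 10.50.0.1 255.255.255.0
!
ip route vrf GUEST 0.0.0.0 0.0.0.0 203.0.113.1
!
! Verification: the guest table should list only its connected subnet
! and the default route.
! show ip route vrf GUEST
```

Note that the ACL covers IPv4 only; if IPv6 is routed on the SVI it needs its own list, whereas the VRF isolates both address families. In either option, the firewall or ZFW the earlier replies recommend still sits between the guest VRF/VLAN and the internet to inspect the traffic.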