Re: How to access Vlans to Local servers vlan and dmz vlan

sajjadarab47 · ‎02-26-2023

Hello
I have a question regarding VLAN access to servers on a Core switch.
See, we have these hardwares in our organization's network

A Fortigate firewall

I want to put a 3850 switch in the network core

15 2960 switches that have the role of Access.

We do not have a Distribute switch.

I want to have 10 Vlans in the network and since the users are in different places, I cannot use Local Vlan and I have to use End to End. These Vlans are going to be created by the Core switch and the VTP service, and I don't want there to be any communication between the Vlans. That is, I don't want to use IP routing on the Core switch.

But all Vlans must have access to DMZ servers and Local Servers.

One way is to define a hardware interface number for each zone (DMZ and Local Server) on the firewall. This causes the load of traffic on the firewall to be high and the traffic of users to access the internal servers comes and goes back to the firewall. (PLAN A)
The second way is to define two VLANs with the names DMZ and Local server on the Core switch and activate the IP Routing service on the Core switch, which allows users to access other VLANs. (PLAN B)

Thank you