  1. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #1

    2 VLAN on same switch to a firewall

    I don't understand why a switch needs 2 VLAN to the same firewall.

    Device outside (VLAN X) === Firewall ==== Device inside (VLAN Y)

    In my case, the inside device has vlan X and Y configured on it. Why?

  3. ABL - Always Be Labbin' Iristheangel's Avatar
    Join Date
    Dec 2009
    Location
    Pasadena, CA
    Posts
    3,726

    Certifications
    CISSP, CCIE DC, CCNP R&S/DC, CCDP, CCNA:RS/S/V/DC, CCDA, BCVRE, BCEFP, BCNE, CEH, CHFI, MCSE:S, MCDST, A/S/L/P/N+, some useless Citrix and CIW certs
    #2
    Check out some of the entries on VLANs and firewalls here:
    http://tinyurl.com/zz8bfzf
    Last edited by Iristheangel; 12-11-2016 at 12:18 AM.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
    Bonus TE Fun: Nerd Photos

  4. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,683

    Certifications
    Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV 5/6, Storage+, CCNA R+S/Sec/CyberOps, Sec+, CEH, CASP
    #3
    I'm not sure I understand the question. It seems like you are asking why one side of the firewall needs to be segregated from the other side of the firewall.

    Is the inside device with VLAN X+Y a switch? Because if that's the case, then logically, you could think of them as two separate switches. The only way for data to flow between the VLANs is with a layer 3 device. You could, in theory, set up an endpoint (e.g. a server) connected to a trunk to the switch and have access to the two VLANs on two different 'virtual' interfaces.
    2017 Goals - Something Cisco, Something Linux, Agile PM
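The reply above, as an added example that is not part of the original thread: a toy model of one switch carrying two VLANs with a layer 3 firewall joining them. The port names, VLAN IDs and the single firewall rule are assumptions made up for the illustration.

```python
# Added illustration: a toy VLAN-aware switch with a layer 3 firewall attached.
# Port names, VLAN IDs and the single firewall rule are constructed for the example.
from dataclasses import dataclass, field

VLAN_X, VLAN_Y = 10, 20  # hypothetical IDs for "outside" (X) and "inside" (Y)

@dataclass
class Switch:
    access_ports: dict = field(default_factory=dict)  # port name -> VLAN ID

    def flood(self, ingress_port):
        """Ports that can receive a frame from ingress_port: same VLAN only."""
        vlan = self.access_ports[ingress_port]
        return sorted(p for p, v in self.access_ports.items()
                      if v == vlan and p != ingress_port)

@dataclass
class Firewall:
    legs: dict   # VLAN ID -> switch port the firewall interface plugs into
    rules: set   # permitted (source VLAN, destination VLAN, destination TCP port)

    def permits(self, src_vlan, dst_vlan, dport):
        return (src_vlan, dst_vlan, dport) in self.rules

def path(sw, fw, src_port, dst_port, dport):
    """Return the hops a packet takes, or None if it cannot be delivered."""
    src_vlan, dst_vlan = sw.access_ports[src_port], sw.access_ports[dst_port]
    if src_vlan == dst_vlan:                 # same broadcast domain: pure layer 2
        return [src_port, dst_port]
    if src_vlan not in fw.legs or dst_vlan not in fw.legs:
        return None                          # no layer 3 device joins the VLANs
    if not fw.permits(src_vlan, dst_vlan, dport):
        return None                          # routed to the firewall, then dropped
    return [src_port, fw.legs[src_vlan], fw.legs[dst_vlan], dst_port]

def build_lab():
    sw = Switch({"outside-host": VLAN_X, "fw-outside": VLAN_X,
                 "inside-host": VLAN_Y, "fw-inside": VLAN_Y})
    fw = Firewall(legs={VLAN_X: "fw-outside", VLAN_Y: "fw-inside"},
                  rules={(VLAN_X, VLAN_Y, 443)})
    return sw, fw

if __name__ == "__main__":
    sw, fw = build_lab()
    print(sw.flood("outside-host"))                            # L2 reach in VLAN X
    print(path(sw, fw, "outside-host", "inside-host", 443))    # permitted via firewall
    print(path(sw, fw, "outside-host", "inside-host", 22))     # dropped by policy
```

Because the two VLANs share no ports, the only path from the outside host to the inside host runs through both firewall legs, which is where the policy gets enforced.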

  5. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #4
    I see. In that case may I ask if a firewall is a purely layer 2 device or does it have layer 3 properties as well? (like an L3 switch)

  6. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,683

    Certifications
    Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV 5/6, Storage+, CCNA R+S/Sec/CyberOps, Sec+, CEH, CASP
    #5
    Originally Posted by dppagc:
    I see. In that case may I ask if a firewall is a purely layer 2 device or does it have layer 3 properties as well? (like an L3 switch)
    Usually firewalls operate at layer 3, connecting to various subnets; however, there are layer 2 firewalls, which are also called transparent or bridging firewalls. Some firewalls can be configured to work in either mode.
    2017 Goals - Something Cisco, Something Linux, Agile PM

  7. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #6
    Are there firewalls that accept routing protocols? In my network, it seems that only static routes are accepted.

  8. Senior Member
    Join Date
    Jan 2013
    Location
    Oklahoma
    Posts
    295

    Certifications
    CISSP, GCED, SSCP, CCNA R/S & Security, CSA+, Network+
    #7
    Originally Posted by dppagc:
    Are there firewalls that accept routing protocols? In my network, it seems that only static routes are accepted.
    Yes, typically firewalls will also support dynamic routing protocols.

  9. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #8
    It seems that my Check Point firewall only accepts static routes.
