Jeff,
I think it is too risky....
Think that the switch could be the weakest link in your chain....
Best wishes
Aylton
----- Original Message -----
From: "Jarmoc, Jeff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 02, 2001 5:44 PM
Subject: [FW1] DMZ via VLAN
>
> I've got a question in regards to running a DMZ on the same physical
> switches as my internal network, but segmented by VLAN. Currently, I've got
> several 10/100 switches on my backbone, so my DMZ is physically separated.
> However, we're looking at upgrading to a gigabit backbone. Obviously,
> gigabit switches are still somewhat pricey, and our DMZ is really only about
> 6 servers. Soooo, the idea came to me to use VLANs to isolate the DMZ and
> internal networks on the same physical switch.
> Does anyone have any experience with this, or opinions on how it
> would impact security or performance? The gigabit switch I'm looking at is
> also capable of Layer 3 switching, but obviously any layer 3 traffic between
> these two VLANs would have to go through the firewall; I'll need to make
> sure I can specify that in the switch's software. Recommendations of
> quality gigabit switches that can support up to 24 gig ports, and 48 100 meg
> ports would also be appreciated, but that's not really the point of my
> message.
>
> Thanks in advance for the wonderful insights.
>
> Jeff Jarmoc - CCNA, MCSE
> Network Analyst - Grubb & Ellis
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================