Hey James, I’ve thought about this before and I looked at PVLANs, single VLAN made up of multiple /31s and also VM-based FWs and handing over control to NSX etc.
PVLANs would be easiest, NSX-T w/automation looks great but no personal experience to elaborate further.

On Sun, 2 Aug 2020 at 20:41, james list <[email protected]> wrote:

> Dear all,
> Many times my security team requires to have in place layer2 segregation in
> order to create dmz on the firewall as security measure to prevent lateral
> movement in case of different vlan management or to respect standards (pci,
> nist, etc).
>
> The result is in having hundreds or thousands of vlans also if in each vlan
> there are very few systems (3 or 4 servers, etc).
>
> My question is: how did you manage the issue in case you faced it?
> Private vlans?
>
> Keep in mind we need to have a non stop environment and hence any possible
> way forward must forecast it.
>
> Cheers
> James
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp

--
-sent from my iPhone; please excuse spelling, grammar and brevity-

