On 13-12-30 12:21 PM, John Wells wrote:
> The diagram is here: http://i.imgur.com/yGghcOb.jpg
> So yes, I think you and I are on the same page.
> Still, my security questions remain.
> Thanks,
> John

Then my mail client is lying to me again about what it has sent and what
it hasn't :-(.

To recap my entire lengthy email: you don't have any security issues
worth worrying about. VLANs are basically secure. That doesn't mean
they're 100% perfect; as with anything, software bugs are the largest
class of vulnerabilities, but for general use - assuming you aren't
working for the NSA - they're more secure than almost anything else
you're doing with your computers. Whether you're using a dedicated
piece of hardware, or a general-purpose piece of hardware with some
software, to implement a switch, you control which interfaces care about
VLAN tags and which ones will ignore them.

There are some VLAN-related protocols that I would avoid enabling on the
internet-facing port, that pfSense doesn't support anyway (e.g. GVRP,
VTP...) so there's no issue there.

Using pfSense as a switch is probably even safer than using pfSense as a
router; there's less of an attack surface presented to the outside
world. However, you still have a pfSense box at the next layer 2 hop
acting as a firewall... bottom line, you're exactly as safe as you were
before, assuming pre-existing use of pfSense.

--
-Adam Thompson