I've got an ISP that provides only a single WAN port on their equipment, but I've got an HA firewall setup. I know I can make it ugly and connect the ISP to a 5-port unmanaged switch and then to both firewalls, but I want to do something more fancy. I'm thinking about a small managed switch instead with an isolated VLAN configured for those ports, and then a different VLAN on a different physical port that connects it back to my network for SNMP management and reporting. There'd basically be three connections out of the switch, two from the ISP VLAN that goes into the firewalls for Internet traffic and one from a different VLAN that goes into the LAN for management traffic. Anyone doing anything like this? Any potential issues? I worry about the potential for VLAN hopping and someone bypassing my firewalls through this switch and getting into the LAN, but I'm not sure how realistic that is in the real world. Thoughts?
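One way to lock down the small managed switch described above, written as an added example rather than anything from the original post. It keeps the ISP handoff and both firewall WAN links as access ports in one VLAN, puts the switch's management address in a second VLAN, and removes the usual VLAN-hopping footholds (DTP trunk negotiation, a live VLAN 1, open unused ports). Cisco IOS syntax, VLAN ids, port numbers and the 192.0.2.x addresses are all assumptions; adjust them for the switch you actually use.

```cisco
! Added example (not from the original post). VLAN ids, port numbers, the
! management address and the SNMP poller address are placeholders.
vtp mode transparent
!
vlan 10
 name ISP-HANDOFF
vlan 20
 name MGMT
vlan 999
 name UNUSED-PARKING
!
! ISP handoff plus the two firewall WAN links: plain access ports in VLAN 10.
! "nonegotiate" disables DTP so the port can never be talked into a trunk;
! BPDU guard errdisables the port if something starts speaking spanning tree.
interface range GigabitEthernet0/1 - 3
 description ISP handoff and FW-A / FW-B WAN links
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
 no cdp enable
!
! Management uplink into the LAN: access port in VLAN 20 only.
interface GigabitEthernet0/4
 description MGMT uplink to LAN
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Every other port: parked in an unused VLAN and administratively down.
interface range GigabitEthernet0/5 - 8
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
!
! VLAN 1 carries nothing and has no address; the only SVI is on VLAN 20,
! so the switch has no IP presence on the ISP-facing VLAN at all.
interface Vlan1
 no ip address
 shutdown
interface Vlan20
 description Management
 ip address 192.0.2.10 255.255.255.0
!
! Read-only SNMP, accepted only from the monitoring host on the LAN.
access-list 10 permit 192.0.2.50
snmp-server community <READ-ONLY-STRING> RO 10
```

With no trunk ports configured anywhere, an 802.1Q-tagged frame arriving on an access port is simply treated as untagged traffic for that port's VLAN, so there is no path from VLAN 10 into VLAN 20 without a configuration change on the switch itself.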