For a while we've done a VRF on the DC (L3) switches, bound the VLAN interface in that VRF and then had a different VLAN and subnet that connects the VRF to the firewall. We also use BGP between the DC switches and the FW.
However, for smaller subnets this seems like quite a lot of config. How do you do it? Assuming there is a need to firewall stuff. Just have the default gateway address on the firewall? Have static routes from the server VRF to the FW?