Monday, December 10, 2018

Block host-to-host communication on the same subnet

I have a need to block server-to-server communication in a DMZ subnet and wanted to solicit r/networking advice on the topic. A rundown of what we have is VMware (standard vSwitch) on UCS with Nexus switches and ASAs. We also use SEP AV in case that could be of use. The DMZ terminates on the ASA. There is no SVI on the switch.

So I thought about this and the best solution I could cook up was firewall rules on each host. I thought about using a VACL on the DMZ VLAN. Does anyone know if that will work, bridging through without an SVI? I was hoping for an easy button like the WLC P2P blocking action or something... Any other thoughts on how to tackle this? Thanks.
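The per-host firewall option from the post, worked through as an added example that is not part of the original post: a script that generates an nftables ruleset dropping traffic to and from every other host in the DMZ subnet while still allowing the ASA (the subnet's gateway) and replies to the host's own outbound connections. It assumes Linux hosts with nftables; the subnet 203.0.113.0/24, the ASA's DMZ address 203.0.113.1 and the interface name eth0 are hypothetical values passed in as arguments. The script also checks that the gateway actually lies inside the subnet, because otherwise the gateway accept rule never matches and the host loses its path to the ASA.

```shell
# Added example, not from the original post: generate a per-host nftables
# ruleset that blocks same-subnet peers but keeps the gateway (ASA) reachable.
# Assumed, hypothetical values: subnet 203.0.113.0/24, gateway 203.0.113.1,
# interface eth0. All three are passed in as arguments.

# Dotted-quad IPv4 address -> 32-bit integer (POSIX sh arithmetic only).
ip_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR CIDR -> exit status 0 if ADDR lies inside CIDR.
in_subnet() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( 4294967295 ^ ((1 << (32 - bits)) - 1) ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# gen_dmz_ruleset SUBNET GATEWAY IFACE -> prints an nftables ruleset on stdout.
# Rule order matters: the gateway accept must come before the subnet drop, and
# the conntrack accept lets replies to this host's own connections through.
gen_dmz_ruleset() {
    subnet=$1; gateway=$2; iface=$3
    if ! in_subnet "$gateway" "$subnet"; then
        echo "gateway $gateway is not inside $subnet; its accept rule would never match" >&2
        return 1
    fi
    cat <<EOF
table inet dmz_isolate {
    chain input {
        type filter hook input priority 0; policy accept;
        iif "lo" accept
        ct state established,related accept
        iifname "$iface" ip saddr $gateway accept
        iifname "$iface" ip saddr $subnet drop comment "no same-subnet peers"
    }
    chain output {
        type filter hook output priority 0; policy accept;
        oif "lo" accept
        ct state established,related accept
        oifname "$iface" ip daddr $gateway accept
        oifname "$iface" ip daddr $subnet drop comment "no same-subnet peers"
    }
}
EOF
}

# Example use: write the ruleset, syntax-check it with nft -c, then load it.
#   gen_dmz_ruleset 203.0.113.0/24 203.0.113.1 eth0 > /etc/nftables.d/dmz.nft
#   nft -c -f /etc/nftables.d/dmz.nft && nft -f /etc/nftables.d/dmz.nft
```

Two caveats a practitioner would want: the ruleset only covers IPv4, so hosts that also carry IPv6 addresses need matching `ip6` rules (otherwise peers can still reach each other over link-local addresses), and ARP is not filtered by the `inet` family at all, which is what keeps the gateway resolvable but also means peers still see each other at layer 2. Windows hosts would need the equivalent rules in Windows Defender Firewall or in the SEP firewall policy rather than nftables.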
