Tuesday, January 29, 2019

DMZ Design Discussion

Just looking to get some opinions here on DMZs, default gateways, etc. We normally do our DMZ segmentation on the firewall and push traffic all the way up. I have been reconsidering this after purchasing 10Gb gear and realizing what a bottleneck it is. Is it common to put an SVI on the switch with a VACL to control traffic? To be honest, that's all we are really doing with the firewall anyway. We do not do any inspection on that traffic. As I think about it, though, I would still like the DMZ traffic to end up in the correct zone on the firewall, which would probably require PBR on the switch to identify and route traffic accordingly. Anyway, just wondering if anyone had some advice on how they like to do things. Thanks in advance.
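The design sketched in the post (an SVI for the DMZ VLAN on the L3 switch, a VACL doing the filtering, and PBR so that DMZ-sourced traffic still lands in the firewall's DMZ zone), written out as an added Cisco IOS-style configuration example. This is not code from the original post or its author. The VLAN numbers, interface names, ACL and route-map names, and all addresses (RFC 5737 documentation ranges, constructed for the example) are assumptions, as is the platform: a Catalyst-style L3 switch that supports VLAN access maps and PBR on SVIs.

```cisco
! Added example: hypothetical Cisco IOS-style L3 switch configuration, not from
! the original post. Names, VLAN numbers, interfaces and addresses are assumptions;
! addresses use RFC 5737 documentation ranges and were constructed for this example.
!
! 1. DMZ VLAN and its SVI. The switch, not the firewall, is the DMZ hosts'
!    default gateway (192.0.2.1). The PBR policy applies to packets received here.
vlan 100
 name DMZ
!
interface Vlan100
 description DMZ gateway
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map DMZ-TO-FIREWALL
!
! 2. Point-to-point transit VLAN to the firewall's DMZ-zone interface
!    (assumed 198.51.100.2), so DMZ traffic enters the firewall in the DMZ zone
!    rather than on its inside interface.
vlan 900
 name FW-DMZ-TRANSIT
!
interface Vlan900
 description transit to firewall DMZ-zone interface
 ip address 198.51.100.1 255.255.255.252
!
interface TenGigabitEthernet1/0/1
 description to firewall DMZ-zone interface
 switchport mode access
 switchport access vlan 900
!
! 3. VACL on VLAN 100. A VACL is stateless and sees bridged traffic as well as
!    traffic routed into or out of the VLAN, so BOTH directions of every allowed
!    flow must be listed. "permit" in the match ACL means "this entry matches";
!    matched frames are forwarded, all other IP traffic falls through to entry 20
!    and is dropped. Only IP is matched, so non-IP frames such as ARP are not
!    affected. The "log" keyword is not supported in VACL match ACLs, so it is
!    not used here.
ip access-list extended DMZ-ALLOWED
 remark HTTPS to the DMZ web server (assumed 192.0.2.10), both directions
 permit tcp any host 192.0.2.10 eq 443
 permit tcp host 192.0.2.10 eq 443 any
 remark DNS from the web server to an internal resolver (assumed 203.0.113.53)
 permit udp host 192.0.2.10 host 203.0.113.53 eq 53
 permit udp host 203.0.113.53 eq 53 host 192.0.2.10
!
ip access-list extended ANY-IP
 permit ip any any
!
vlan access-map DMZ-MAP 10
 match ip address DMZ-ALLOWED
 action forward
vlan access-map DMZ-MAP 20
 match ip address ANY-IP
 action drop
!
vlan filter DMZ-MAP vlan-list 100
!
! 4. PBR: anything sourced from the DMZ subnet that leaves VLAN 100 is handed to
!    the firewall's DMZ-zone interface instead of following the switch's own
!    routing table, which would otherwise route it straight into the other VLANs.
ip access-list extended DMZ-SOURCED
 permit ip 192.0.2.0 0.0.0.255 any
!
route-map DMZ-TO-FIREWALL permit 10
 match ip address DMZ-SOURCED
 set ip next-hop 198.51.100.2
```

Two caveats worth checking before relying on this. First, `set ip next-hop` is fail-open: if 198.51.100.2 becomes unreachable (firewall interface or uplink down), PBR is skipped and the packet is forwarded by the normal routing table, i.e. directly into whatever other VLANs the switch carries; putting the DMZ SVI in its own VRF with no routes to the other zones removes that fallback path. Second, only DMZ-sourced traffic is steered here, so traffic from inside hosts toward the DMZ must also be forced through the firewall (PBR on the inside SVIs, or the same VRF separation); otherwise the firewall sees only one direction of each session and, being stateful, drops it.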