Monday, March 18, 2019

Securing Traffic Between VLANs

Looking for some ideas on securing traffic between VLANs. So far I have been able to replace the ASA perimeter firewall with a pair of Palo Alto PA5220s. The current network configuration is that all VLANs (approximately 150) come back to a core switch. Unfortunately that core switch is a stack of Meraki MS425s, so any VRF is out of the question. The way I see it I have three options: use ACLs on the core to restrict traffic between VLANs, move the SVIs to the PA5220 pair, or install a 2nd firewall pair to handle inside network traffic. What has worked for you guys? I don't really like the idea of moving them to the existing firewall; it seems like that job should be on its own box, but I don't know if it matters a whole lot. The existing firewall pair isn't exactly under a high traffic load at the moment.


