I have never hung a switch out with direct internet access without a firewall before.
That is, every switch I have installed in the last 10 years has been behind either a FortiGate, PF, or similar and with no direct access to the management VLAN.
For reasons (remote location, no other OOB) I need to do it now. This would be an Aruba (formerly Procurve) 2530 with fairly up to date firmware. I tried looking over the current CVE but I think I need more sleep first. Web interface would be disabled.
This would actually be two 2530 switches replacing a pair of fiber media converters so that we can get some actual interface statistics.
ISP <--> 2530 <--> fiber <--> 2530 <--> bunch_of_other_crap
Ok? Horrible?
No comments:
Post a Comment