The setup Is basically 5 vlans that are private subnets, all with either an IRB or VRF as the gateway on the juniper. and 1 vlan that have public addresses with the gateway also being the juniper, I do not want the public addresses to be able to route to the private addresses but they can. Would it be best practice to firewall those off inside the juniper or null route those subnets on the public vlans IRB? I've never setup a router that would allow this setup as "the default" I didn't tell it to route the publics to the privates or to allow that traffic, but it is...
No comments:
Post a Comment