Wednesday, August 22, 2018

Using a Firewall for Inter-VLAN Routing/Security/Segmentation

I was chatting with some colleagues when they mentioned that a group of consultants, hired by their CIO, came on site to look at the infrastructure overall. They were looking at the campus and particularly their Core Switch. Because ACLs or VACLs are not in use, they were kind of "dinged" on not having the best of network security practices.

Their recommendation was to use their HA pair of firewalls (Fortinet) for all their inter-VLAN routing and to apply "only what's needed" between the VLANs to increase their network security.

I have not heard of using a firewall in place for inter-VLAN routing and segmentation. How is this done? The SVIs sit on the Core switch and cross VLANs at the core. Kinda confused by it, but it seems like a great thing to put into play for the future?

Does anyone have thoughts on this practice, or know of it?


