Sunday, June 6, 2021

Rethinking firewall routing

I inherited the current firewall setup but I don't like how it is set up. Currently the firewall is the default route for our gateway router. The SVIs all terminate on the router and the traffic then goes out the firewall. This strikes me as the wrong way to set this up. Shouldn't the VLANs trunk to the firewall and then use the firewall itself to zone them as appropriate and manage the rules there instead of having ACLs in the switches and routers? I understand it isn't a cut-and-dried question for lots of reasons, but it seems like that should be the default position. If the FW cannot keep up or the traffic isn't that interesting then it can stay segmented on the router.

Obviously I am not going to trunk the SAN traffic to the router, but am I overthinking this, or is that how most people do this?
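To make the two designs in the post concrete, here is a constructed side-by-side in Cisco IOS (switch) and Cisco ASA (firewall) syntax. This is an added illustration, not configuration from the original post or its network; VLAN numbers, addresses, interface names and the HTTPS-only rule are placeholders. The security point it shows is that in the current design inter-VLAN traffic is routed on the switch and never crosses the firewall, so the only control is a switch ACL, whereas in the proposed design each VLAN becomes a firewall zone and inter-VLAN flows get the firewall's rules, logging and inspection.

```text
! ---- Design A (current): SVIs on the L3 switch, firewall is only the default route ----
! Switch (IOS). Constructed example; VLAN ids and addresses are placeholders.
interface Vlan10
 description Users
 ip address 10.10.10.1 255.255.255.0
interface Vlan20
 description Servers
 ip address 10.10.20.1 255.255.255.0
interface Vlan900
 description Transit to firewall inside interface
 ip address 10.10.255.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.255.1
!
! Users <-> Servers traffic is routed locally and never reaches the firewall.
! The only place to control it is an ACL on the SVI (no stateful inspection, switch-side logging only):
ip access-list extended USERS-TO-SERVERS
 permit tcp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 443
 deny   ip any any log
interface Vlan10
 ip access-group USERS-TO-SERVERS in

! ---- Design B (proposed): VLANs trunked to the firewall, zoned and filtered there ----
! Switch (IOS): Vlan10/Vlan20 SVIs removed, the VLANs are carried as a trunk to the firewall.
! A SAN or other high-throughput VLAN can be left out of the allowed list and stay routed on the switch.
interface GigabitEthernet1/0/48
 description Trunk to firewall
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Firewall (ASA): one subinterface per VLAN, each its own zone (nameif + security-level).
interface GigabitEthernet0/1.10
 vlan 10
 nameif users
 security-level 50
 ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet0/1.20
 vlan 20
 nameif servers
 security-level 80
 ip address 10.10.20.1 255.255.255.0
!
! Inter-VLAN policy now lives on the firewall and is stateful and logged like any other flow.
! (ASA ACLs use normal subnet masks, unlike the IOS wildcard masks above.)
access-list USERS_IN extended permit tcp 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0 eq 443
access-list USERS_IN extended deny ip any any log
access-group USERS_IN in interface users
```

The trade-off the post already raises applies here: every Users-to-Servers packet now traverses the firewall, so its throughput becomes the ceiling for inter-VLAN traffic, which is why a VLAN like the SAN is left routed on the switch in the example.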


