[nsp] PIX 535 stateful failover
Ryan O'Connell
ryan at complicity.co.uk
Mon Jun 14 06:41:59 EDT 2004
Niels Bakker wrote:
>* ryan at complicity.co.uk (Ryan O'Connell) [Sun 13 Jun 2004, 20:00 CEST]:
>
>
>>There's no reason - that I know of - why you couldn't run both the
>>inside and outside interfaces as VLANs on the same physical interface.
>>
>>
>
>Except that this would defeat the point of the PIX. I wouldn't call
>VLANs "security."
>
>
I know of no large managed hosting provider still routinely providing
firewall services based on physical switches instead of VLANs - using
individual switches instead of VLANs is expensive and just doesn't
scale. There's no reasonably likely scenario I can think of in which
having a trunk to the firewall would be any less secure than having two
non-trunked connections to the firewall from the same switch on
different VLANs.
--
Ryan O'Connell - CCIE #8174
I'm not losing my mind, no I'm not changing my lines,
I'm just learning new things with the passage of time