[j-nsp] Micro-segmentation

Graham Brown juniper-nsp at grahambrown.info
Sun Aug 2 05:00:27 EDT 2020


Hey James,

I’ve thought about this before and I looked at PVLANs, a single VLAN made up
of multiple /31s and also VM-based FWs and handing over control to NSX etc.

PVLANs would be easiest, NSX-T w/automation looks great but no personal
experience to elaborate further.

On Sun, 2 Aug 2020 at 20:41, james list <jameslist72 at gmail.com> wrote:

> Dear all,
> Many times my security team requires us to have layer2 segregation in place in
> order to create a DMZ on the firewall as a security measure to prevent lateral
> movement in case of different vlan management or to respect standards (PCI,
> NIST, etc).
>
> The result is having hundreds or thousands of vlans even if in each vlan
> there are very few systems (3 or 4 servers, etc).
>
> My question is: how did you manage the issue in case you faced it?
> Private vlans?
>
> Keep in mind we need to have a non stop environment and hence any possible
> way forward must forecast it.
>
> Cheers
> James
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
-- 
-sent from my iPhone; please excuse spelling, grammar and brevity-

