Re: Switch Network Design Question

From: James Ventre (messageboard@ventrefamily.com)
Date: Thu Nov 03 2005 - 15:47:56 GMT-3


Hundreds of DMZs? Then you've got a lot more issues than just
choosing a switch (larger scale network design considerations?).

You're getting into scenarios where your 1 hardware choice will
significantly impact other ones. What kind of FWs are you going to
deploy in this scenario, and how many of them? What kind of throughput
are you expecting from a DMZ? How many hosts in a DMZ? Is there any
particular reason why you can't do fewer DMZs and do private vlans?
Can you look at a 6500 with a FWSM? I'd suggest you use a cookie cutter
approach as much as possible - even if it costs more in hardware.

It's not nearly as taboo to VLAN a switch for use within DMZs (since
the same FW probably services both DMZs) ..... but I'd still keep dirty
and clean segments on different switches. It's also not uncommon to
feed a trunk to your FW.

James

kevin gannon wrote:
> What do you do if you run to hundreds of DMZs?
>
> Regards
> Kevin
>
> On 11/3/05, James Ventre <messageboard@ventrefamily.com> wrote:
>
>> And it's not like a 2950-12 or 2950-24 is all that expensive!


