From: kevin gannon (kevin@gannons.net)
Date: Thu Nov 03 2005 - 16:00:12 GMT-3
On 11/3/05, James Ventre <messageboard@ventrefamily.com> wrote:
> Hundreds of DMZ's? Then you've got a lot more issues than just
> choosing a switch (larger scale network design considerations?).
Yep, the real world is not fun. I think at last count it's 700-odd DMZ's.
>
> You're getting into scenarios where your 1 hardware choice will
> significantly impact other ones. What kind of FW's are you going to
> deploy in this scenario, and how many of them? What kind of throughput
> are you expecting from a DMZ? How many hosts in a DMZ? Is there any
> particular reason why you can't do fewer DMZ's and do private vlans?
> Can you look at a 6500 with a FWSM? I'd suggest you use a cookie cutter
> approach as much as possible - even if it costs more in hardware.
>
It's already in place and it works; it's FW1 on Nokia.
> It's not nearly as taboo to VLAN a switch for use within DMZ's (since
> the same FW probably services both DMZs) ..... but I'd still keep dirty
> and clean segments on different switches. It's also not uncommon to
> feed a trunk to your FW.
Inside/outside very similar to DMZ, we don't trust them. But it's all
about levels of trust ;-).
Regards
Kevin
> James
>
>
>
>
>
> kevin gannon wrote:
> > What do you do if you run to hundreds of DMZ's ?
> >
> > Regards
> > Kevin
> >
> > On 11/3/05, James Ventre <messageboard@ventrefamily.com> wrote:
> >
> >> And it's not like a 2950-12 or 2950-24 is all that expensive!
> >>
> >>
> >
>
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3