03-05-2021 08:52 PM - last edited on 12-01-2021 04:34 PM by jdelio
The title says it pretty much. Trying to consolidate a 24-port switch that only uses 3 ports with another 24-port switch that is only using 2 ports.
How safe/comfortable would you be if you used the same switch for DMZ and WAN traffic, but separated them by VLAN, with strict access trunks to a firewall?
03-06-2021 07:47 AM
It's always strongly recommended to use different layer 2/layer 3 switches for WAN links and DMZ server connectivity.
03-07-2021 08:42 AM
It's not about how many ports are in use or not in use. It's about security: how much security you are providing for your server or servers in the DMZ, and your WAN interfaces are the entry point for all your outside (untrust) traffic, i.e. inbound traffic. There are a couple of chances that attackers can initiate DoS or DDoS/flooding mechanisms like SYN and IP etc., and there is also a chance that IP spoofing or MAC spoofing or any one of the above will bring down your network interface, and it's tough to troubleshoot whenever you get an issue or traffic issue. Also think about the redundancy solution: all WAN and DMZ links are dependent on the same switch, which is also a loophole in the design.
That's a reason I recommend using two different or stacked redundant switches towards both links.