Isolating ports on DMZ Vlan
  • Isolating ports on DMZ Vlan

    Hey all,

    We have a Catalyst switch which is connected to a Checkpoint firewall and also hosts 2 servers in the DMZ. We want to isolate those servers so connection between them will not be possible. We thought of VLANs, since the firewall has no additional NICs available. Only one NIC is available for this manner. Is it possible to use the same port as trunk port for two VLANs and connect this port to the firewall directly?

    Thanks.

  • #2
    Re: Isolating ports on DMZ Vlan

    Depending on what OS your Check Point is running.
    If it's on Windows you cannot create VLAN tags, but on SPAT or Nokia this shouldn't be an issue.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    • #3
      Re: Isolating ports on DMZ Vlan

      here you go sir...

      http://www.cisco.com/en/US/tech/tk38...8017acad.shtml

      It's more complicated than I originally thought, but easily doable. You should post up your results when you're done so we can check it out.
      -Tim

      • #4
        Re: Isolating ports on DMZ Vlan

        Unfortunately Private Vlan is not supported on the switch I asked about.
        It's the C2950. But I did solve this by using a feature called Protected Port where unicasts, broadcasts and multicast interactions between those ports are being blocked by the switch. So I simply set a Vlan, configured the two ports to be protected and now even if both of them are on the same subnet they must go to layer 3 (through the firewall).

        Thanks.
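A Catalyst 2950 configuration implementing the protected-port approach described in #4, added here as an example (it is not the thread's own config). VLAN 100, the interface numbers and the port descriptions are assumptions; the firewall's DMZ NIC is assumed to be on Fa0/24.

```cisco
! Added example, not from the thread. Assumed: DMZ VLAN 100, servers on
! Fa0/1 and Fa0/2, the Check Point DMZ interface on Fa0/24.
!
vlan 100
 name DMZ
!
! Firewall port: a plain access port in the DMZ VLAN. It is NOT protected,
! so both servers can still reach it at layer 2.
interface FastEthernet0/24
 description Check Point DMZ interface (assumed)
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
!
! Server ports: protected ports. The switch forwards no unicast, multicast
! or broadcast frames between two protected ports, so the servers cannot
! talk to each other directly even though they share VLAN 100 and its
! subnet; anything between them has to be routed (and filtered) by the
! firewall at layer 3.
interface FastEthernet0/1
 description DMZ server 1 (assumed)
 switchport mode access
 switchport access vlan 100
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/2
 description DMZ server 2 (assumed)
 switchport mode access
 switchport access vlan 100
 switchport protected
 spanning-tree portfast
!
! Verification: "Protected: true" should be reported for Fa0/1 and Fa0/2,
! and "Protected: false" for Fa0/24.
! show interfaces FastEthernet0/1 switchport | include Protected
! show interfaces FastEthernet0/24 switchport | include Protected
```

Protected-port isolation only applies between protected ports on the same switch: a server in the same VLAN on another switch, or on a port without `switchport protected`, is not isolated, so check every DMZ-facing port before relying on this.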

        • #5
          Re: Isolating ports on DMZ Vlan

          Glad to hear you got it working.
          -Tim
