We are in the process of setting up a serviced office that will serve multiple businesses. Each "customer" will naturally be on their own VLAN, and each VLAN will require access to the Internet and some other VLANs. There will be some open VLANs like a "Public Print" VLAN and so forth. There will also be "Server" VLANs which potentially all other VLANs will need to access (or some may not, i.e.

We have core L3 switches, 20 L2 Access Switches and two HA firewalls. The question is whether we do the routing for the VLANs on the L3 switches themselves, or via the Firewall.

My thoughts - if we route via the firewall (i.e. Router on a Stick), all inter-VLAN traffic is going to have to go via our Firewall device, which will naturally put a load on its overall throughput (especially with DPI enabled). The pro being it's a hell of a lot easier to configure the firewalling between the VLANs this way.

If we route via the L3 switch, we benefit from the full throughput of the firewall for the WAN (which will be a 1Gbps connection), but the con being having to use "Policy Based Routing" on the 2 Core Switches which is generally a pain to administer.

What should I consider to make a decision? Is there a best practice in a situation like this?