Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersFirewall vs L3 Switch

BTR

BTR

1527 posts

Uber Geek
+1 received by user: 449


#233348 12-Apr-2018 11:37
Send private message

I was have a conversation earier today about IPv4 ACL and it was suggested that its better to do this on a switch opposed to a firewall.

 

For example if I had two VLANs, VLAN 1 and VLAN 2 and I wanted to allow some traffic from V1 to V2 but block other traffic that I would be better off using a L3 switch to do this rather than a firewall.

 

PS when I am talking about firewalls I am talking abouter enterprise grade equipment not a small home internet router. 

 

 

 

Im interested to know peoples thoughts on this.

 

 




---

 

Blake R

 

www.btr.net.nz

Create new topic
tatbaird
142 posts

Master Geek
+1 received by user: 8


  #1994740 12-Apr-2018 11:45
Send private message

Well, this peoples thoughts would be, it depends. If all you want to do is allow only certain traffic between VLANs then all you need is a switch with some ACLs on it. A firewall just does ACLs as well though, but it will handle a lot more than that if you want it to. You could just use an IOS based firewall for basic stuff or for branch sites.




Well let me just quote the late-great Colonel Sanders, who said "Im too drunk to taste this chicken." -Ricky Bobby



chevrolux
4962 posts

Uber Geek
+1 received by user: 2638
Inactive user


  #1994787 12-Apr-2018 12:45
Send private message

It's got to depend mainly on topology right. If you have a remote branch that has a L3 switch installed, might as well use a local ACL on that switch to allow routing between the VLANs. No sense having traffic routed via a firewall back at HQ.

 

Then by extension of that, you would employ the same solution at the HQ so as to keep everything similar in terms of what core or edge devices do.

MattHNZ
24 posts

Geek
+1 received by user: 16


  #1994788 12-Apr-2018 12:49
Send private message

How much traffic are you looking at passing through your network?

 

Keep in mind that an ACL on a switch is normally done in hardware (providing line rate throughout). Where as most firewalls the traffic processing is done through the CPU.

 

If you have a busy firewall box doing all sorts of other things like DPI, SSL inspection and stuff like that. You might want to keep the load down on your FW and do the ACL on a core switch.

 

 

 

 

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright