Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersFirewall vs L3 Switch

BTR



1522 posts

Uber Geek


#233348 12-Apr-2018 11:37
Send private message

I was have a conversation earier today about IPv4 ACL and it was suggested that its better to do this on a switch opposed to a firewall.

 

For example if I had two VLANs, VLAN 1 and VLAN 2 and I wanted to allow some traffic from V1 to V2 but block other traffic that I would be better off using a L3 switch to do this rather than a firewall.

 

PS when I am talking about firewalls I am talking abouter enterprise grade equipment not a small home internet router. 

 

 

 

Im interested to know peoples thoughts on this.

 

 




---

 

Full time IT Manager, part time gamer & part time grease monkey. 

 

 

 

Certifications : Apple ACHT, Apple ACDT,  Apple ACPT, Sonicwall CSSA, Ruckus WISE Guy, Allied Telesis CAI & CASE

 

Youtube Channel https://www.youtube.com/channel/UCmFzRr2KofyrHV6t36pdC_w

 

 

Create new topic
135 posts

Master Geek


  #1994740 12-Apr-2018 11:45
Send private message

Well, this peoples thoughts would be, it depends. If all you want to do is allow only certain traffic between VLANs then all you need is a switch with some ACLs on it. A firewall just does ACLs as well though, but it will handle a lot more than that if you want it to. You could just use an IOS based firewall for basic stuff or for branch sites.

4570 posts

Uber Geek

Trusted

  #1994787 12-Apr-2018 12:45
Send private message

It's got to depend mainly on topology right. If you have a remote branch that has a L3 switch installed, might as well use a local ACL on that switch to allow routing between the VLANs. No sense having traffic routed via a firewall back at HQ.

 

Then by extension of that, you would employ the same solution at the HQ so as to keep everything similar in terms of what core or edge devices do.

 
 
 
 


24 posts

Geek


  #1994788 12-Apr-2018 12:49
Send private message

How much traffic are you looking at passing through your network?

 

Keep in mind that an ACL on a switch is normally done in hardware (providing line rate throughout). Where as most firewalls the traffic processing is done through the CPU.

 

If you have a busy firewall box doing all sorts of other things like DPI, SSL inspection and stuff like that. You might want to keep the load down on your FW and do the ACL on a core switch.

 

 

 

 

Create new topic




News »

Pre-orders for Huawei MateBook 13 open now
Posted 14-Aug-2020 14:26

Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35

UFB hits more than one million connections
Posted 6-Aug-2020 09:42

D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01

New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35

Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21

Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11

Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05

Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26

Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07

Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45

Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48

Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50

Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00

Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.