The VLAN concept
Running an internal FW is not an easy task. Internal communication is very complicated and hard to manage because of protocol complexity and the huge number of rules needed.
A VLAN-FW has a big advantage over a traditional firewall, mainly because of the large number of interfaces you can have for network segmentation and isolation. In theory, you can have up to 256 VLANs or 'zones' for each physical interface of your ESG V-LAN firewall.
Basic Setup (right diagram)
Requirements: Network switch with VLAN support
Create one or more VLANs and a trunk to your VLAN switch. The VLANs will accept traffic from your hosts (PCs, servers, printers etc.) and the trunk will forward it to the ESG FW for further processing (applying firewall rules). Routing and communication between the VLANs (PCs, servers, printers etc.) will be controlled by the FW's rules.
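The layout described above, sketched as an added example for a generic Linux router with nftables; it is not ESG configuration and not code from this page. The trunk port `eth1`, the VLAN IDs, zone names, addresses and allowed flows are constructed sample values, and the script only prints the commands and ruleset instead of applying them.

```shell
#!/bin/sh
# Added example: prints (does not execute) the trunk and policy setup.
# eth1, VLAN IDs, zone names, addresses and flows are constructed values.
TRUNK=eth1
# zone:vlan-id:gateway-address, one zone per VLAN
ZONES="users:10:10.0.10.1/24 servers:20:10.0.20.1/24 printers:30:10.0.30.1/24"
# src-zone:dst-zone:proto:port; any inter-VLAN flow not listed is dropped
ALLOW="users:servers:tcp:443 users:printers:tcp:631"

vlan_of() {  # print the VLAN ID of zone $1, return 1 if the zone is unknown
    for z in $ZONES; do
        case "$z" in
            "$1":*) z=${z#*:}; echo "${z%%:*}"; return 0 ;;
        esac
    done
    return 1
}

gen_interfaces() {  # one 802.1Q subinterface per VLAN on the trunk port
    for z in $ZONES; do
        rest=${z#*:}; id=${rest%%:*}; addr=${rest#*:}
        echo "ip link add link $TRUNK name $TRUNK.$id type vlan id $id"
        echo "ip addr add $addr dev $TRUNK.$id"
        echo "ip link set $TRUNK.$id up"
    done
}

gen_ruleset() {  # forward chain: default drop, then explicit allows only
    echo "table inet vlanfw {"
    echo "  chain forward {"
    echo "    type filter hook forward priority 0; policy drop;"
    echo "    ct state established,related accept"
    for a in $ALLOW; do
        src=${a%%:*}; r=${a#*:}; dst=${r%%:*}; r=${r#*:}
        proto=${r%%:*}; port=${r#*:}
        s=$(vlan_of "$src") && d=$(vlan_of "$dst") ||
            { echo "unknown zone in rule $a" >&2; return 1; }
        echo "    iifname \"$TRUNK.$s\" oifname \"$TRUNK.$d\" $proto dport $port accept"
    done
    echo "  }"
    echo "}"
}

gen_interfaces
gen_ruleset
```

On a real Linux router the trunk port itself must also be up and IP forwarding enabled before traffic can pass between the subinterfaces.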