Chapter 2. VLANs

Beginning in Version 6.2 of the PIX firewall, there is support for subinterfaces, trunk links, and VLANs. The PIX and ASA can support 802.1q encapsulation and a number of logical interfaces depending on the platform. This enables you to scale your perimeter security solution without the cost of additional hardware. For instance, I have had many clients in the past with a three-interface firewall configuration (inside, outside, DMZ).

The problem here is that all the web services are hosted on the same subnet: filtering is performed between the outside and the DMZ, but there is no filtering within the DMZ. ...
