Hello - we are looking into options to firewall between different VLANs on our network. We have about 1000 devices on the network, which is broken up into many VLANs already, connected by 10G links. Cisco equipment, with a pair of 4500X's as the core L3 switch. There are generally no ACLs or firewalls between these VLANs, so they are free to route and talk to each other. From a security standpoint, that's the problem. I understand already about Lateral Movement Protection, but for some of my subnets, the segmentation is now a requirement.
Sure, ACLs are going to be an option and I may have to do that in some situations, though it seems like it can become an admin headache quickly. I thought using my XG 550 HA cluster would be a better option. We would need to expand the Flexi modules to get 10 gig connections, as we only have 1 gig ports on it. Then make VLAN interfaces for the subnets that we want firewalled, and change the gateway to the XG. Then we can write rules on the traffic.
Is anyone else doing something similar, and what is your experience with this? We are not saturating the 10 gig pipes, but we are pushing past 1 gig on many of them. I worry that moving many of the subnets so that they go through the XG might introduce routing latency, or possibly it can't process data on a 10G link fast enough.
Thanks for your advice.
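For reference, this is what the ACL option from the post looks like on a Cisco L3 core switch: an added example, not the poster's configuration. The VLAN numbers, subnets and the "users may only reach servers on HTTPS and DNS" policy are constructed assumptions; the ACL is applied inbound on the user SVI, so it filters traffic as it enters the switch from that VLAN, and because IOS ACLs are stateless the reply traffic is allowed by having no ACL on the server SVI.

```cisco
! Constructed example: VLAN 30 (users) may reach VLAN 20 (servers)
! only on TCP/443 and DNS; everything else toward servers is denied.
vlan 20
 name SERVERS
vlan 30
 name USERS

interface Vlan20
 description Servers - no inbound ACL, so replies to users flow freely
 ip address 10.20.0.1 255.255.255.0

interface Vlan30
 description Users - filter what this VLAN may send toward servers
 ip address 10.30.0.1 255.255.255.0
 ip access-group USERS-TO-SERVERS in

ip access-list extended USERS-TO-SERVERS
 remark Web tier is reachable on HTTPS only
 permit tcp 10.30.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq 443
 remark Internal resolver (constructed address) for DNS
 permit udp 10.30.0.0 0.0.0.255 host 10.20.0.53 eq 53
 remark Deny and log anything else aimed at the server VLAN
 deny ip 10.30.0.0 0.0.0.255 10.20.0.0 0.0.0.255 log
 remark All other destinations (internet, other VLANs) stay unfiltered
 permit ip any any
```

Only the deny line uses the log keyword, because logged ACL hits are handled by the switch CPU rather than in hardware, so logging the permit lines on a busy 10G VLAN would cost performance. Checking the matches with show ip access-lists USERS-TO-SERVERS confirms which rule traffic is hitting before tightening the policy further.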