This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM with Layer 3 Switch

Hi,

I'm looking for some guidance on the correct way to setup the UTM with a Layer 3 switch that has ip routing enabled.

HP Procurve Switch setup:
-vlan 100 - 192.168.100.1/24
-vlan 110 - 192.168.110.1/24
-vlan 120 - 192.168.120.1/30 (port 1)(UTM)
-Default route - 192.168.120.2 (UTM interface)

UTM scenario 1:
-HP Procurve switch port 1 connected to UTM (untagged)
-Create 1 interface - 192.168.120.2/30
-Create network definition - 192.168.100.0/24
-Create network definition - 192.168.110.0/24
-Add a static route - 192.168.100.0/24 -> 192.168.120.1
-Add a static route - 192.168.110.0/24 -> 192.168.120.1
-Add firewall, masquerading rules, etc. for all the networks

UTM scenario 2:
-HP Procurve switch port 1 connected to UTM (tagged vlan 100, vlan 110, vlan 120)
-Create Ethernet vlan interface - vlan 100 - 192.168.100.2/24
-Create Ethernet vlan interface - vlan 110 - 192.168.110.2/24
-Create Ethernet vlan interface - vlan 120 - 192.168.120.2/30
-Add firewall, masquerading rules, etc. for all the interfaces

Any guidance would be much appreciated.

Thanks!

This thread was automatically locked due to age.

Parents

0 Ross86 over 10 years ago

I prefer option 1 but as above if you need to scan traffic between the two option 2 may be better, as long as clients use the UTM VLAN address for their gateway.

You can always do a bit of both. Insecure network can be on the UTM and internal networks can be kept on the HP switch.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Ross86 over 10 years ago

I prefer option 1 but as above if you need to scan traffic between the two option 2 may be better, as long as clients use the UTM VLAN address for their gateway.

You can always do a bit of both. Insecure network can be on the UTM and internal networks can be kept on the HP switch.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data