How can an Ethernet layer 2 switch be used to implement physical and data security policies?
Most firewall appliances provide an external (public) interface, an internal (private) interface, and an optional (DMZ) interface. Binding firewall policies to these physical interfaces is a proven approach that meets the needs of many small-to-medium-sized businesses. However, as your network grows, firewall rules become more complex. Workgroups within your company may require different applications or permissions. As unique requirements accumulate, implementing changes for one group without affecting others becomes a challenge. Eventually, solving this challenge requires a more modular approach. Virtual LANs (VLANs) break apart large networks into smaller pieces that are easier to maintain. VLAN tags have long been implemented by Ethernet switches for more efficient LAN operation. Extending VLANs into your firewall takes this modularity to the next level. Instead of binding firewall policies to physical interfaces, VLANs can bind policies to virtual interfaces, maintaining independen
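The idea of binding firewall policy to a VLAN rather than to a physical port, sketched as an added example that is not part of the original page: the 802.1Q tag is read from each frame and the VLAN ID selects the policy, with untagged or unknown VLANs denied by default. The VLAN IDs, interface names, allowed ports, and the `build_frame` helper are constructed assumptions, and the destination port is passed in rather than parsed from the payload.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Constructed policy table: VLAN ID -> (virtual interface name, allowed TCP ports).
VLAN_POLICIES = {
    10: ("vlan10-engineering", {22, 443}),
    20: ("vlan20-finance", {443}),
    30: ("vlan30-guest", {80, 443}),
}

def parse_vlan(frame: bytes):
    """Return (vlan_id, ethertype, payload); vlan_id is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]  # low 12 bits of the TCI are the VLAN ID

def decide(frame: bytes, dst_port: int) -> str:
    """Pick the policy from the frame's VLAN tag, not from the port it arrived on."""
    try:
        vlan_id, _, _ = parse_vlan(frame)
    except ValueError:
        return "deny: malformed frame"
    policy = VLAN_POLICIES.get(vlan_id)
    if policy is None:  # default deny for untagged traffic and unlisted VLANs
        source = "untagged traffic" if vlan_id is None else f"VLAN {vlan_id}"
        return f"deny: no policy for {source}"
    name, ports = policy
    return f"{'allow' if dst_port in ports else 'deny'}: {name}"

def build_frame(vlan_id=None, priority=0, payload=b"\x00" * 46) -> bytes:
    """Construct a sample Ethernet frame (zeroed MACs, IPv4 EtherType) for testing."""
    macs = bytes(12)
    if vlan_id is None:
        return macs + struct.pack("!H", 0x0800) + payload
    tci = (priority << 13) | (vlan_id & 0x0FFF)
    return macs + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload
```

Because the lookup key is the tag, a workgroup's rules can change by editing one table entry without touching the policies of the other VLANs sharing the same trunk.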