Layer 3 Switch with DMZ

  • 1.  Layer 3 Switch with DMZ

    Posted Mar 14, 2024 06:49 AM

    Which Aruba switch is suitable for a DMZ?



  • 2.  RE: Layer 3 Switch with DMZ

    Posted Mar 14, 2024 07:51 AM
    Can you elaborate a bit more on your requirements? What features do you expect, what types of ports do you need, what should be connected to the switch?





  • 3.  RE: Layer 3 Switch with DMZ

    Posted Mar 14, 2024 07:57 AM

    It was a requirement specification shared by the client:

    Layer 3 Switch with DMZ - 24port Ethernet 10G Base-T




  • 4.  RE: Layer 3 Switch with DMZ

    EMPLOYEE
    Posted Mar 15, 2024 04:08 AM

    Normally you won't do L3 on a DMZ switch; DMZs normally terminate on a firewall, as it is more a security/topology concept (with no/limited routing).

    Other information missing is the uplink ports/type, performance requirements, redundancy requirements, etc. There are multiple switches/solutions that match '24x 10G-T', but they differ in price, performance and redundancy. It may be good to get the requirements set first, and/or work with your Aruba partner or local Aruba team to select the proper networking equipment.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Layer 3 Switch with DMZ

    Posted Mar 15, 2024 06:19 AM

    100% agreed regarding L3 on a DMZ switch. However, this is perhaps not the point which changes a decision regarding which platform to use. 

    Looking at Aruba's portfolio, there are the following possible choices:

    • 6300M 24SR10
    • 6400 --> most probably an overkill esp. in terms of size
    • 8100 24XT
    • 8360 48XT4C

    The 6300M platform is the cheapest but suffers from a real clustering feature (2 control planes); the 8100 would be my choice if clustering (VSX) is a must. It also offers a good mix of port types. The 8360 would be the most performant system, but you also pay for it.




  • 6.  RE: Layer 3 Switch with DMZ

    Posted Mar 19, 2024 02:40 AM

    Thank you all for sharing your knowledge and insights.

    Maybe if you could guide me on the best practices for setting up a DMZ.








  • 8.  RE: Layer 3 Switch with DMZ

    EMPLOYEE
    Posted Mar 19, 2024 12:07 PM

    An explanation of DMZ can be found on Wikipedia. There are some diagrams of a single firewall and dual firewall DMZ. The idea is to leave all L3/routing on firewalls and strictly control the traffic that is allowed to/from the outside (and inside) world. Personally I would leave DMZ switches only L2 (switching) and not put any L3 (routing/management) in any of the DMZ VLANs.

    From a networking perspective, a DMZ switch is not very different from another switch, or an internet switch. In general, limit the exposure and lock down the configuration. Because 'DMZ switch' is an arbitrary term (ask 10 people, get 10 different answers), it may be best to ask your client what they expect from it. There should also be a design (created if needed) that has the physical, L2, L3 and security policies in it. You can't just ask for a DMZ switch and suppose it's fully clear what is meant by that. It may even be the same as the other (TOR) switches, or different as you just need L2.



    ------------------------------
    Herman Robers
    ------------------------------
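
One way to check the advice in post 8 (keep the DMZ VLANs L2-only on the switch and leave routing to the firewall), added here as an example and not code from any poster or from HPE Aruba. The sample configuration is constructed, its AOS-CX-style syntax and the VLAN IDs are assumptions, and `l3_in_dmz` is a hypothetical helper name.

```python
import re

# Constructed sample in AOS-CX-style syntax (an assumption, not from the thread).
SAMPLE_CONFIG = """\
vlan 10
    name MGMT
vlan 100
    name DMZ-WEB
vlan 110
    name DMZ-MAIL
interface vlan 10
    ip address 192.0.2.10/24
interface vlan 100
    description web servers
    ip address 198.51.100.1/24
interface vlan 110
    shutdown
interface 1/1/1
    no routing
    vlan access 100
"""

# Lines that give a VLAN interface (SVI) an L3 presence.
L3_LINE = re.compile(r"(ip|ipv6) address\s")


def l3_in_dmz(config, dmz_vlans):
    """Return {vlan_id: [offending lines]} for DMZ VLANs whose SVI has an address."""
    findings = {}
    current = None  # VLAN id of the SVI stanza being read, if any
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # An unindented line opens a new stanza; track it only if it is an SVI.
            m = re.fullmatch(r"interface vlan\s*(\d+)", line)
            current = int(m.group(1)) if m else None
        elif current in dmz_vlans and L3_LINE.match(line):
            findings.setdefault(current, []).append(line)
    return findings


if __name__ == "__main__":
    for vlan, lines in l3_in_dmz(SAMPLE_CONFIG, {100, 110}).items():
        print(f"DMZ VLAN {vlan} has L3 on the switch: {lines}")
```

The management SVI on VLAN 10 is not reported because it is outside the DMZ set passed in; an SVI without an address, like VLAN 110 here, is also not reported.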