2 VLAN on same switch to a firewall

I don't understand why a switch needs 2 VLAN to the same firewall.

Device outside (VLAN X) === Firewall ==== Device inside (VLAN Y)

In my case, the inside device has vlan X and Y configured on it. Why?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

Iristheangel

Check out some of the entries on VLANs and firewalls here:
http://tinyurl.com/zz8bfzf

OctalDump

I'm not sure I understand the question. It seems like you are asking why one side of the firewall needs to be segregated from the other side of the firewall.

Is the inside device with VLAN X+Y a switch? Because if that's the case, then logically, you could think of them as two separate switches. The only way for data to flow between the VLANs is with a layer 3 device. You could, in theory, set up an end point (eg a server) connected to a trunk to the switch and have access to the two VLANs on two different 'virtual' interfaces.

dppagc

I see. In that case may I ask if a firewall is a purely layer 2 device or does it have layer 3 properties as well? (like an L3 switch)

OctalDump

dppagc wrote: »

I see. In that case may I ask if a firewall is a purely layer 2 device or does it have layer 3 properties as well? (like an L3 switch)

Usually firewalls operate at layer 3 - connecting to various subnets -, however there are layer 2 firewalls which are also called transparent or bridging firewalls. Some firewalls can be configured to work in either mode.

dppagc

Are there firewalls that accept routing protocols? In my network, it seems that only static routes are accepted.

jamthat

dppagc wrote: »

Are there firewalls that accept routing protocols? In my network, it seems that only static routes are accepted.

Yes, typically firewalls will also support dynamic routing protocols

dppagc

It seems that my checkpoint firewall only accepts static routes