Layer 3 switch with stateful inspection capability

Hello:

I need a layer 3 switch with all gigabit ports (48 ports) that can do stateful packet inspection between vlans.  The switch will have about 3 vlans.

This switch will be connected to a single LAN interface on the hardware firewall device and not each vlan to each firewall interface and I want the switch to do the routing/managing traffic between vlans to take advantage of the switch's gigabit speed rather than the firewall's 100 mb interface.
Do I even need a layer 3 switch in this case as all the vlans will be hosted on the same switch?

Can you recommend me a good switch make/model that's reasonably priced that is:
-layer 3
-can do stateful packet filtering between vlans on its ACLs.
-48 gigabit ports.

It doesn't need to be CIsco as I'm looking for a reasonably priced one.
LindowsAsked:
Who is Participating?
 
cdowdyCommented:
You might take a look at the Juniper EX4200-48T.. It is a layer 3 switch which can do static packet filtering through RVI interfaces via "Junos Firewall Filters" (Junos ACL) and has 48 gigE ports and is not a Cisco.
0
 
SIM50Commented:
As far as I know Cisco 6500 series switches are the only ones who support firewall modules.
It would be cheaper to upgrade your ASA license to support 1Gb interfaces than buying 6500.
0
 
LindowsAuthor Commented:
So you're saying no switches other than Cisco 6500 can do stateful inspection?
If that's the case, then I'd need to settle for packet filtering between vlans as buying 6500 would be overkill for my case.
I'm not running ASA btw.

 
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Istvan KalmarHead of IT Security Division Commented:
Hi,

You need ASA, if you not want to buy 6500!

BEst regards,
Istvan
0
 
LindowsAuthor Commented:
Is it just the stateful packet inspection that is only capable by 6500?
Then let me rephrase my question:

I'll need a switch that is:
-layer 3
-can do static packet filtering between vlans on its ACLs.
-48 gigabit ports.

0
 
Istvan KalmarHead of IT Security Division Commented:
Only 6500 capable to do:

-layer 3
-can do static packet filtering between vlans on its ACLs.
-48 gigabit ports.
0
 
cdowdyCommented:
Also, look at the EX3200-48T it also may meet your needs if you don't need redundant internal power supplies etc..
0
 
LindowsAuthor Commented:
What about these?  These are little cheaper.

PowerConnect 5448
http://www.dell.com/us/business/p/powerconnect-5448/pd

Juniper EX2200-48T
http://www.juniper.net/us/en/products-services/switching/ex-series/ex2200/
0
 
cdowdyCommented:
I have no experience with the Dell switches, so I can't say.

As far as the EX2200, I have read that there are some routing features that these do not support, although I am not sure which. Best case if you like the Juniper pricing and features, might be to contact Juniper and discuss with them what your needs today and possibly in the future may be for this switch and they can guide you. The thing is that these all run JunOS and even though the OS might support a feature, the hardware may not. The 3200 and 4200 may be slight overkill for you, but they support probably anything you will come to need in the near future.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.