Link to home
Start Free TrialLog in
Avatar of leblanc
leblanc

asked on

firewall or core switch default gateway

I have several servers connected to my access switches. Those servers are remotely managed by a 3rd vendor. They are in vlan100 with its own subnet 10.10.100.0. Now the third vendor needs to configure with those servers with a gateway. The servers do not need to be accessed by anybody within the internal LAN.
Should I setup a SVI in the core for that vlan100 or should I give the firewall internal interface as the gateway for the servers?
If I give a SVI on my L3 core switch, then anybody can access them (unless I use access list). What are your thoughts? Thanks
SOLUTION
Avatar of Nico Eisma
Nico Eisma
Flag of Philippines image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of leblanc
leblanc

ASKER

I just learned that those servers are actually surveillance camera and they are all over the building. Let say that put them in the dmz is not an option.
can you share why putting them in a DMZ is not an option?

with my current company, we have our CCTV, badge security on a DMZ segment of the network as they are accessed and managed by third-party vendor.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of leblanc

ASKER

The devices need to have a default gateway in it. So just keep things simple and for my understanding, is it better to have a default route to the core or to the firewall? Thx

PS. I can always do the DMZ design. But I have to get back to the security group and it will take another 2 to 3 weeks (politics! you know what I mean)
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial