A switch has two VLANs, VLAN 3 and 4.
The internet router will be connected to VLAN 3. A firewall with one leg will connect to VLAN 3 while the other leg will connect to VLAN 4. Internal servers will be plugged into VLAN 4.
1. Is it a common way to split the internet and internal with two separate VLANs?
2. Once there is a device (say a firewall) plugged into the internet and internal internet, can two IPs be pingable if nothing is configured with the firewall? (i.e. inter-VLAN routing within the switch)
3. Provided the firewall rule has been set up for mapping from public IP to internal web server, will the routing always go through the firewall routing? Do I need to explicitly set up any ACL on the switch?