On 9/20/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
> On Sep 20, 2007, at 9:09 PM, Josh wrote:
>
> > Can someone please inform me if this is a really bad idea or not,
> > ideally with some nice reasoning?
>
> What type of throughput is required between each segment? If you've
> been around here much, you've probably heard me espouse on the
> benefits of VLANs. This is certainly more elegant and secure than
> running a number of virtualized OpenBSD systems on non-OpenBSD
> virtual host.

Well, heck, if he's thinking of putting in lots of interfaces (probably to the tune of 1 interface per firewalled segment), why not just run ONE or TWO firewalls? Either vlan the things or dedicate one interface per network segment, both work well. Actually, use the two boxes, and carp them for failover.

--
"This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation.