Quote:
Originally Posted by chillyjim: AFAIK you can; routing takes place after inspection. Make sure you add the new network into the topology or anti-spoofing will drop the packets.
Thanks Chillyjim,
In this case, why does one require separate interfaces on a FW (aside from the internet outside) if you can route separate VLANs internally via a core to the inner FW interface and then use the policy to protect which protocols you want between these subnets? i.e. In the same respect, can I not take all my vendor networks and send them to my core - let's say VendorA=32.78.121.0/24 and VendorB=129.32.50.0/24 and then my core will have a route for these unknown networks to my FW (10.10.0.6), and as long as I have static routes on my FW going back to the core, it should send the traffic back to the vendors?
Someone says you can't send "routed" networks through a switch, that it won't work from a routed (VendorA+B) to a non-routed (my 10.100.0.0) address, but I can't see why not if my core knows where to send the traffic?
Thanks
~k
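A small model of the point in chillyjim's reply (anti-spoofing is checked on ingress, then the packet is routed), written as an added example for this thread rather than taken from it or from any vendor's product. It uses the thread's addresses where given; the core's address 10.10.0.1, the /16 for 10.100.0.0, the outside next hop 203.0.113.1 and the function names are assumptions.

```python
import ipaddress

# Constructed sample config modelled on the thread's addresses (assumed values).
INTERFACES = {
    # interface -> networks the firewall expects as *sources* behind it (topology)
    "inside":  ["10.100.0.0/16", "10.10.0.0/24"],
    "outside": ["0.0.0.0/0"],
}
ROUTES = [
    ("10.100.0.0/16", "inside", "10.10.0.1"),   # back to the core switch
    ("0.0.0.0/0",     "outside", "203.0.113.1"),
]

def add_to_topology(iface, network):
    """Declare a network as legitimately living behind an interface."""
    INTERFACES[iface].append(network)

def add_route(prefix, iface, next_hop):
    """Static route so return traffic goes back via the core, not the default."""
    ROUTES.append((prefix, iface, next_hop))

def lookup_route(dst):
    """Longest-prefix match over the static routing table."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, nh in ROUTES:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, nh)
    return None if best is None else (best[1], best[2])

def anti_spoof_ok(in_iface, src):
    """Source must be inside the ingress interface's declared topology."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(n) for n in INTERFACES[in_iface])

def forward(in_iface, src, dst):
    """Anti-spoofing runs first; only then is the route looked up."""
    if not anti_spoof_ok(in_iface, src):
        return ("DROP", "anti-spoofing: %s not in %s topology" % (src, in_iface))
    route = lookup_route(dst)
    if route is None:
        return ("DROP", "no route to %s" % dst)
    out_iface, nh = route
    return ("FORWARD", out_iface, nh)

if __name__ == "__main__":
    print(forward("inside", "32.78.121.5", "10.100.0.20"))   # dropped until topology updated
    add_to_topology("inside", "32.78.121.0/24")
    add_route("32.78.121.0/24", "inside", "10.10.0.1")
    print(forward("inside", "32.78.121.5", "10.100.0.20"))   # now forwarded
    print(forward("inside", "10.100.0.20", "32.78.121.5"))   # reply routed back to core
```

Without the static route, the reply to VendorA would follow the default route out the outside interface instead of back to the core, which is the other half of the thread's question.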