Mailing List Archive

Micro-segmentation
Dear all,
Many times my security team requires layer 2 segregation to be in place in
order to create a DMZ on the firewall, as a security measure to prevent lateral
movement in the case of separately managed VLANs, or to comply with standards (PCI,
NIST, etc.).

The result is having hundreds or thousands of VLANs, even if in each VLAN
there are very few systems (3 or 4 servers, etc.).

My question is: how did you manage this issue if you faced it?
Private VLANs?

Keep in mind we need to have a non-stop environment, and hence any possible
way forward must take that into account.

Cheers
James
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: Micro-segmentation
Hey James,

I've thought about this before and I looked at PVLANs, a single VLAN made up
of multiple /31s, and also VM-based FWs and handing over control to NSX, etc.

PVLANs would be easiest; NSX-T with automation looks great, but I have no personal
experience to elaborate further.

On Sun, 2 Aug 2020 at 20:41, james list <jameslist72@gmail.com> wrote:
--
-sent from my iPhone; please excuse spelling, grammar and brevity-
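The three options the reply mentions (one VLAN per group, a single flat VLAN of /31s, and PVLANs) differ in which host pairs can still talk at layer 2 without ever hitting the firewall. The script below is an added example written for this thread, not code from either poster. It takes a constructed host inventory, assigns each host a private-VLAN role, and counts the host pairs that bypass the firewall under each design, plus the number of firewall sub-interfaces each design needs. The VLAN numbers, group names and the rule "groups flagged for peer traffic get a community VLAN, everyone else goes in one isolated VLAN" are assumptions.

```python
"""PVLAN planner and lateral-movement reachability check.

Added example for this thread (not code from either poster). It takes a
constructed host inventory, assigns each host to a private-VLAN role, and
answers "can A reach B at layer 2 without passing through the firewall?"
under three designs: one VLAN per group, one flat VLAN of /31s, and a PVLAN.
VLAN numbers and group names are assumptions.
"""
from itertools import combinations

# Constructed inventory: host -> (group, do group members need direct east-west traffic?)
INVENTORY = {
    "erp-app1": ("erp", True),
    "erp-app2": ("erp", True),
    "erp-db1":  ("erp", True),
    "crm-web":  ("crm", False),
    "crm-db":   ("crm", False),
    "pos-gw1":  ("pci-pos", False),
    "pos-gw2":  ("pci-pos", False),
}
FIREWALL = "fw-inside"   # promiscuous port; every design puts the default gateway here

PRIMARY_VID = 100        # assumption: primary VLAN, i.e. the one firewall sub-interface
ISOLATED_VID = 101       # assumption: one isolated secondary VLAN shared by all non-peer hosts
COMMUNITY_BASE = 200     # assumption: community VLAN IDs are allocated from here


def plan_pvlan(inventory):
    """Map each host to ("isolated", vid) or ("community", vid).

    Groups whose members need direct east-west traffic (cluster heartbeat,
    replication) get one community VLAN each; every other host goes in the
    single isolated VLAN, where it can only talk to the promiscuous port.
    """
    plan = {}
    community_vid = {}
    for host, (group, peers_needed) in sorted(inventory.items()):
        if peers_needed:
            if group not in community_vid:
                community_vid[group] = COMMUNITY_BASE + len(community_vid)
            plan[host] = ("community", community_vid[group])
        else:
            plan[host] = ("isolated", ISOLATED_VID)
    plan[FIREWALL] = ("promiscuous", PRIMARY_VID)
    return plan


def pvlan_reachable(plan, a, b):
    """Layer-2 forwarding rules of a private VLAN."""
    role_a, vid_a = plan[a]
    role_b, vid_b = plan[b]
    if "promiscuous" in (role_a, role_b):
        return True                  # everyone reaches the firewall port
    if "isolated" in (role_a, role_b):
        return False                 # isolated ports never see each other
    return vid_a == vid_b            # community ports: same community only


def reachable_without_firewall(design, inventory, plan, a, b):
    """True if A can send frames to B directly, i.e. the firewall sees nothing."""
    if a == b:
        return True
    if design == "flat_vlan_31":
        # /31 addressing is only hygiene: a compromised host still shares the
        # broadcast domain, so it can ARP for any neighbour or add a wider route.
        return True
    if design == "vlan_per_group":
        return inventory[a][0] == inventory[b][0]
    if design == "pvlan":
        return pvlan_reachable(plan, a, b)
    raise ValueError(f"unknown design {design!r}")


def lateral_pairs(design, inventory, plan):
    """Set of host pairs that can talk directly, bypassing the firewall."""
    return {
        (a, b) for a, b in combinations(sorted(inventory), 2)
        if reachable_without_firewall(design, inventory, plan, a, b)
    }


def firewall_subinterfaces(design, inventory):
    """How many L3 sub-interfaces (and subnets) the firewall needs."""
    if design == "vlan_per_group":
        return len({group for group, _ in inventory.values()})
    return 1                         # one primary VLAN or one flat VLAN


if __name__ == "__main__":
    plan = plan_pvlan(INVENTORY)
    for design in ("flat_vlan_31", "vlan_per_group", "pvlan"):
        pairs = lateral_pairs(design, INVENTORY, plan)
        print(f"{design:15} fw sub-ifs={firewall_subinterfaces(design, INVENTORY)} "
              f"direct host pairs={len(pairs)}")
```

With the constructed inventory the flat /31 VLAN leaves all 21 host pairs directly reachable, one VLAN per group leaves the 5 intra-group pairs reachable and costs three firewall sub-interfaces, and the PVLAN leaves only the 3 pairs inside the erp community reachable on a single sub-interface. The same VLAN-ID budget is still consumed per community, so the saving is in firewall interfaces, subnets and intra-group exposure rather than in the 4094-ID space.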