Protect the link between the firewall and the switch
Hi
I’m using MAC authentication on a GS1920-24 switch to prevent unauthorized devices from connecting to it. However, I can’t use MAC authentication on the uplink to the firewall. How can I ensure that only the firewall can connect to the switch, and only the switch can connect to the firewall? The firewall is a USG FLEX 100.
Best regards, Olav
All Replies
-
There is no way I see you can do this; you could ACL the source MAC of the FLEX 100 LAN gateway and/or add all the destination MAC clients. Or make it so that no untagged device can connect to the FLEX 100 by using a VLAN.
But the idea is no one would have access to the uplink.
I guess what you want is to encrypt the link? Interesting idea, such that packets are encrypted and can only be decrypted by a matching key.
-
Hi @Elgen07
Normally, the firewall and core switch should not be easy to touch. May I know where you placed them?
For the function to prevent unauthorized devices, you can enable MAC authentication on the switch only if no other device is connected to the firewall on the same interface. On the firewall, there is no option to achieve it.
Zyxel Melen
-
Hi,
Thanks for your reply — you pretty much confirmed what I feared. However, perhaps it would be a good idea to secure the link between the firewall and the switch.
Best regards, Elgen
-
Or you can get another USG and do a VTI, so that where the switch is you have a short link to this other USG, then VTI to the main USG.