Given that there are N number of hosts on a given network being used for different purpose, should we place a machine for penetration testing or vulnerability scanning on same LAN or should we have that machine/host on separate network and specifically whitelist that IP address on the firewall in between?
One reason for thinking about placing them on same network is the scanning speed and other is not triggering any tripwires in between the scanning machine and the target host. Any other thoughts why or why not to?