Which ACL should you change to block communication between two servers?

0

I have 2 routers connected to a switch. Each router has a connected server: one server is a mail server, the other server is a web server.

If I needed to block communication from the web server to the mail server, on which firewall do I change the ACL? Or do I change both routers' ACLs, or do I change the switch's ACL?

holton0289

Posted 2016-08-03T21:04:48.620

Reputation: 1

Thanks, so the switch is usually the default location. If you had a 3rd node connected to the switch, with several workstations connected to a 3rd router, and you wanted to block traffic to the web server and the mail server from one workstation, it should all be done at the switch? – holton0289 – 2016-08-03T21:49:46.260

Answers

1

You can configure any of the mentioned ACLs/firewalls, or a combination, based on your requirements and scenario, but best practice is to configure the switch's ACL, since it's your core device. Doing so minimizes administration effort by reducing configuration entropy among different devices.

NetwOrchestration

Posted 2016-08-03T21:04:48.620

Reputation: 2 385

+1 for "Doing so minimizes administration effort by reducing configuration entropy among different devices." – Anaksunaman – 2016-08-04T02:01:47.507