JP Vossen on 6 Jul 2017 17:58:36 -0700
Re: [PLUG] Fios Quantum Gateway Router / Cabling type
On 07/06/2017 06:05 PM, Lee H. Marzke wrote:
> I forgot to say, that I now connect FIOS ONT Ethernet directly to a Cisco switch, put that ingress traffic on a custom VLAN, and send it to the pfSense VM in my server cluster. So I have no need for any unreliable consumer devices in the network path.
But you DO have to trust that malicious traffic can't jump out of the VLAN and/or virtualization on the way to or from your FW! I'll grant that it's a small risk, but I'd never put guests in different security classifications on the same VM hypervisor, or trust a VLAN for that.
My ONT terminates in Ethernet, to a physical firewall (SmallWall) using physical wires. Wi-fi is another physical segment from the FW, as is VoIP.ms. I think I have a spare segment for use as a DMZ, if needed, but it's been a long time since I needed to know that.
Later,
JP
--
-------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug