Results 1 to 5 of 5

Thread: VLAN or DMZ

  1. #1

    Default VLAN or DMZ

    I am looking for your opinion on setting up an Epygi M8L. As this is a new installation I am wondering if it is better to put the PBX on a DMZ or on a VLAN. We are using a Sonicwall NSA 240 and I have a managed switch available. I was thinking that putting the PBX on the VLAN with the phones connected to the WAN side of the Epygi would make it a little easier to manage the overall. However, if I put the Epygi on a DMZ in Transparent Mode the phones would be on the LAN side of the Epygi and I can take advantage of the auto provisioning.

    Your thoughts are appreciated.

  2. #2

    Default

    How many extensions? the m8l = under 100 so depending on your setup time would determine which side of the nic you swing.

  3. #3

    Default

    This is a small installation only 10 phones to start with and I have a 3-4 days until installation begins.

    I am trying to get a feel for the better or preferred configuration setup on a fresh network and ip phone system installation. Usually we are trying to fit into and existing infrastructure but not this time. I can add switches if need be, the current thought was to have one 24 port poe managed switch and split the phone from the data using a VLAN. However, if the switch goes out, then both the data and voice is down, where if there were 2 switches, one for voice and one for data it would be more unlikely that both switches would go down at the same time.

    If the Epygi is on a VLAN, is it better to have the phones on the WAN side or LAN side? Functionally and operationally is one side better than the other, besides having to manually configure the phones if on the WAN side?

    If the Epygi is on the DMZ is the greater exposure to the Epygi worth the risk?
    Last edited by flyboy_dea; 10-16-2011 at 05:02 PM.

  4. #4

    Default

    Quote Originally Posted by flyboy_dea View Post
    This is a small installation only 10 phones to start with and I have a 3-4 days until installation begins.

    I am trying to get a feel for the better or preferred configuration setup on a fresh network and ip phone system installation. Usually we are trying to fit into and existing infrastructure but not this time. I can add switches if need be, the current thought was to have one 24 port poe managed switch and split the phone from the data using a VLAN. However, if the switch goes out, then both the data and voice is down, where if there were 2 switches, one for voice and one for data it would be more unlikely that both switches would go down at the same time.

    If the Epygi is on a VLAN, is it better to have the phones on the WAN side or LAN side? Functionally and operationally is one side better than the other, besides having to manually configure the phones if on the WAN side?

    If the Epygi is on the DMZ is the greater exposure to the Epygi worth the risk?
    Forget DMZ's , VLAN's , it isnt worth the overhead or risks for the alleged savings - keep em seperated - deploy on the Lan, use filtering and port forwarding with ip restrictions.

    KISS principal

  5. #5

    Default

    Vlan vs. DMZ. Setting up your guests on the DMZ would be a lot more secure. How many IDFs do you have?
    If it is a small building, then adding a switch for your guest and adding DHCP to the DMZ with the ASA, would be the most controlled solution and recommended one. Do not open rules for inbound!! You are giving them internet access, which means that they open the connection to the outside, don’t let the outside open the connection to them by adding rules for the inbound traffic!!!
    VLANs would be a less expensive way to connect them if we are talking about a huge network with multiple IDFs. This solution is less desirable since you have to be really carefull to which vlan you assign each port.
    Last edited by Pechnik; 11-07-2011 at 06:54 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. M32x Vlan Issue
    By helspass in forum Troubleshooting and Problems
    Replies: 4
    Last Post: 12-23-2010, 02:57 PM
  2. VLAN support
    By Janousek2 in forum 'How Do I' Questions
    Replies: 2
    Last Post: 08-03-2010, 03:57 AM
  3. Vlan and 10 Meg Wan port bottlekneck
    By ritsadmin in forum 'How Do I' Questions
    Replies: 4
    Last Post: 06-12-2009, 10:31 AM
  4. IP Phones on VLAN Segments
    By Carsten in forum 'How Do I' Questions
    Replies: 5
    Last Post: 05-19-2009, 11:20 PM
  5. VLAN Support on Epygi Quadro 2x an Aastra terminals
    By skyways in forum 'How Do I' Questions
    Replies: 1
    Last Post: 03-25-2009, 02:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •