DMZ VLANs

markhimsley · October 31, 2023, 3:21pm

I want to create some DMZ VLANs in my home-lab.

Should I be using multiple bridges, or should I be using firewall rules to separate the VLANs into DMZs?

Up to this point I’ve only had 750Gr3 routers, am I right in remembering that the switch chip can only have one bridge before switching becomes a CPU task?

I’ve just got an L009 router as an upgrade, am I right in thinking the the switch chip is much more capable and may give me more options on creating DMZs?

Thanks

mkx · October 31, 2023, 5:27pm

You should be using single bridge.

And yes, you should be using firewall.

The two items above are not correlated (i.e. by using multiple bridges one doesn’t bypass necessity for firewall).

And no, creating DMZ doesn’t really depend on switch chip - in some cases switch chip can offload CPU but AFAIK L009 doesn’t come with such switch chip.

markhimsley · November 1, 2023, 5:09pm

Brilliant answer.
I’ll stick one bridge firewalls.
Thank you

anav · November 1, 2023, 5:14pm

http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1