1

I have question regarding network architecture with very close view on FW device port usage on business firewalls like Zyxel ATP800. For example, this FW has 12 customizable ports (WAN,LAN, etc)

I often see that only 2 ports are used: 1xWAN + 1xLAN which goes to managed switch where all VLANs / network separation is configured.

So question: Is it bad practice to use more ports on ATP800 directly ? For example:

p1- as wan

p3- lan1 (vlan1,2,3,4)

p4- lan2 (vlan 5,6,7,8)

p5- lan3 (vlan6,...)

etc ?

many thanks

RetroIP
  • 13
  • 3

2 Answers2

1

You can certainly use the other switch ports on the ATP800 if you want. But if you do then you are limited to whatever configuration and features it provides, which may or may not meet your needs. If it doesn't have functionality you need, then you have to use another switch that does, which is generally the reason why you would see only the single LAN port in use.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
0

I would add another reason why it can be a bad idea;

The router often do traffic inspection or DPI often they call the module.

As such without knowing it use between the LAN port will cause highter CPU cycle of the router as it will inspect everything. A high load on the port could cause problem with the hardware.

yagmoth555
  • 16,758
  • 4
  • 29
  • 50