I never keep a managed switch outside the firewall. However, I have a situation where I have to do that. I am connecting two SonicWall NSA220s in an HA configuration. So I have to use a small Ethernet switch in front of the firewall to connect the WAN cable to the X1 port of both the primary and slave firewalls. I have ordered a pair of NETGEAR ProSAFE GS105Ev2 switches for that purpose.
Since the management IP of the managed switch has to be in the same subnet, I can only assign a WAN IP as the management IP of this switch. That means anybody can access this switch if I assign the IP, with the password being the only defense.
What is the best way to deal with this? Not set the IP at all? I prefer to manage this switch, but not at the cost of security.
Best Answer
There are a few options with different security risks. You will have to decide which one(s) meets your needs.
I'm sure other readers can think of other techniques.