Comment on Feedback on Network Design and Proxmox VM Isolation
Pete90@feddit.de 10 months ago
Thanks for your input. Am I understanding right, that all devices in one VLAN can communicate with each other without going through a firewall? Is that best practice? I’ve read so many different opinions that it’s hard to see.
MSgtRedFox@infosec.pub 10 months ago
You’re correct about VLANs.
Think of a VLAN as a regular switch. Connect stuff, they communicate. Make two VLANs in a switch, think of turning your physical switch into two separate switches.
Connect your switches to a router. Don’t want to waste two cables from your switch that’s cut in half? Do a trunk port, with VLANs tagged.
Lots of videos will explain better.
Best practice is to separate things of different trust levels into different VLANs. You can filter and control the traffic between those VLANs with your router.
As previously mentioned, in the enterprise and business world, best practice is to separate management from VMs and applications. We call this data plane and control plane. You would restrict access to your Proxmox or other hypervisor interface from the VMs and applications. For small home setups and funsies, this gets a little complicated, but if it’s your career choice or interest, it’s a good thing to explore.
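
An added example, not part of the thread or any poster's configuration: one way the inter-VLAN filtering and management-plane restriction described above could look as an nftables ruleset on a Linux router. The interface names, VLAN IDs and the choice of nftables are assumptions, and NAT is omitted.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Assumed layout on the router's trunk port eth0:
#   eth0.10 = management VLAN (hypervisor UI/SSH, switch and router admin)
#   eth0.20 = VM and application VLAN
#   eth0.30 = untrusted devices (IoT, guests)
#   eth1    = WAN uplink
# Traffic between two hosts in the SAME VLAN is switched at layer 2 and
# never reaches this ruleset; only traffic crossing VLANs is filtered here.

flush ruleset

define MGMT = "eth0.10"
define VMS  = "eth0.20"
define IOT  = "eth0.30"
define WAN  = "eth1"

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # The router itself is administered only from the management VLAN.
        iifname $MGMT tcp dport 22 accept
        # DNS and DHCP are served to every internal VLAN.
        iifname { $MGMT, $VMS, $IOT } udp dport { 53, 67 } accept
        iifname { $MGMT, $VMS, $IOT } tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Every internal VLAN may reach the internet.
        iifname { $MGMT, $VMS, $IOT } oifname $WAN accept
        # Control plane may open connections into the data plane.
        iifname $MGMT oifname $VMS accept
        # No rule lets VMS or IOT open connections toward MGMT, so the
        # hypervisor interface is unreachable from VMs and applications.
        # Everything else crossing VLANs is logged, then dropped by policy.
        log prefix "inter-vlan drop: "
    }
}
```

Hosts that must not talk to each other inside one VLAN need a separate VLAN or per-host firewalling, since the router never sees that traffic.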