security groups versus network ACL to isolate traffic between subnets

peechspeech
New here

Hi all:

I'm currently studying for the CompTIA Cloud exam and I can't seem to decide on the best answer for the following question.

I know it will be either security groups or network ACLs, but which one is better in this case, and why?

A cloud architect is asked to isolate traffic between subnets in an IaaS. The networks still have to communicate with each other. Which one would you implement?

a. Configure security groups

b. Configure HIPS

c. Configure IDS

d. Configure network ACLs.

Thnx

PhilipDAth
Kind of a big deal

The only possible solution is an ACL.

A security group is simply a collection of hosts or subnets. It in itself doesn't limit traffic.

But an ACL would block the traffic between the networks (at least that's my understanding of ACLs), and the question states that they still should be able to communicate...

thnx

Obviously don't put block rules in place for traffic you want to allow.

NolanHerring
Kind of a big deal

Not sure if this is really relevant on the Meraki forums lol, but, well, off the cuff... if the networks still need to communicate, then using an ACL would in theory block communication between them (assuming the ACL is blocking the entire VLAN/subnet). With security groups I would imagine you can leave communication between the networks alone but isolate it per group, so that user1 can converse, user2 cannot, etc.
Nolan Herring | nolanwifi.com
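The replies above turn on what a network ACL and a security group actually do to a packet, which the thread never spells out. As an added illustration (not part of this thread, and not Meraki's or any cloud vendor's code), here is a small Python model of both mechanisms. It assumes AWS-style semantics: a network ACL is a stateless, subnet-level filter whose numbered allow/deny rules are evaluated lowest-number-first with an implicit final deny, and a security group is a stateful, instance-level allow-list. The subnets, addresses and ports are constructed. The point it shows is the one the original poster was unsure about: an ACL does not have to block everything between two subnets; rules that permit only the wanted ports (plus the ephemeral-port return traffic a stateless filter needs) leave the subnets talking while dropping everything else.

```python
"""Constructed model of the two mechanisms compared in the thread.

Assumption (not stated in the thread): AWS-style semantics, i.e. a stateless
subnet-level network ACL with numbered rules and an implicit final deny, versus
a stateful instance-level security group that only holds allow rules.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 40000  # constructed ephemeral source port


@dataclass(frozen=True)
class AclRule:
    number: int
    cidr: str        # remote CIDR: source for inbound rules, destination for outbound
    port_lo: int
    port_hi: int
    action: str      # "allow" or "deny"

    def matches(self, remote_ip, port):
        return (ip_address(remote_ip) in ip_network(self.cidr)
                and self.port_lo <= port <= self.port_hi)


class NetworkAcl:
    """Stateless subnet filter: inbound and outbound are checked independently."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _evaluate(rules, remote_ip, port):
        for rule in rules:                 # first matching rule wins
            if rule.matches(remote_ip, port):
                return rule.action == "allow"
        return False                       # implicit deny when nothing matches

    def allows_out(self, pkt):
        return self._evaluate(self.outbound, pkt.dst, pkt.dport)

    def allows_in(self, pkt):
        return self._evaluate(self.inbound, pkt.src, pkt.dport)


class SecurityGroup:
    """Stateful per-instance allow-list: no deny rules, replies are implied."""

    def __init__(self, inbound_allow):
        self.inbound_allow = inbound_allow  # list of (cidr, port_lo, port_hi)

    def allows_in(self, pkt):
        return any(ip_address(pkt.src) in ip_network(cidr) and lo <= pkt.dport <= hi
                   for cidr, lo, hi in self.inbound_allow)


SUBNET_A, SUBNET_B = "10.0.1.0/24", "10.0.2.0/24"   # constructed subnets
EPHEMERAL = (1024, 65535)


def isolating_acl(peer_subnet, with_return_rules=True):
    """ACL for one subnet: permit HTTPS to and from the peer subnet only.

    The ACL is stateless, so the reply half of each connection (peer -> local
    ephemeral port) needs its own explicit rule; omit it and nothing works.
    """
    rules = [AclRule(100, peer_subnet, 443, 443, "allow")]
    if with_return_rules:
        rules.append(AclRule(110, peer_subnet, *EPHEMERAL, "allow"))
    return NetworkAcl(inbound=list(rules), outbound=list(rules))


def acl_round_trip(src_acl, dst_acl, pkt):
    """True if both the request and its reply clear both subnets' ACLs."""
    reply = Packet(src=pkt.dst, dst=pkt.src, dport=pkt.sport, sport=pkt.dport)
    return (src_acl.allows_out(pkt) and dst_acl.allows_in(pkt)
            and dst_acl.allows_out(reply) and src_acl.allows_in(reply))


def demo():
    acl_a = isolating_acl(peer_subnet=SUBNET_B)
    acl_b = isolating_acl(peer_subnet=SUBNET_A)
    https = Packet("10.0.1.10", "10.0.2.20", dport=443)
    ssh = Packet("10.0.1.10", "10.0.2.20", dport=22)
    outsider = Packet("10.0.3.5", "10.0.2.20", dport=443)  # constructed third subnet
    sg_b = SecurityGroup([(SUBNET_A, 443, 443)])           # group on the host in B
    return {
        "acl_https_a_to_b": acl_round_trip(acl_a, acl_b, https),
        "acl_ssh_a_to_b": acl_round_trip(acl_a, acl_b, ssh),
        "acl_https_from_outsider": acl_b.allows_in(outsider),
        "acl_no_return_rule": acl_round_trip(isolating_acl(SUBNET_B, False),
                                             isolating_acl(SUBNET_A, False), https),
        "sg_https_a_to_b": sg_b.allows_in(https),
        "sg_ssh_a_to_b": sg_b.allows_in(ssh),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'dropped'}")
```

Running it shows HTTPS between the two subnets allowed and SSH, traffic from a third subnet, and the ACL variant without ephemeral return rules all dropped; the security group on the host in subnet B gives the same allow/drop outcome for the two flows, but per instance rather than per subnet and without any return-traffic rule. Which answer the exam wants still depends on the vendor model the course teaches; the model here only makes the behaviours concrete.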