Intervlan firewall

Hi,

We have a Cisco switched network with a number of vlan's. We have two 4006 vtp server switches where the intervlan routing is taking place. On these 4006 switches we have rather big and growing ACL's applied to the different vlan interfaces.
As you know administration of ACL's is a little difficult and not admin friendly. I can do it, but my workmates who do not have very deep network and Cisco knowledge can't.
I'm wondering if we can move the ACL's away from the Cisco switches and put them on an opensource firewall with gui administration?
I'm concerned about performance and wondering if this is a recommended setup or if there is a more clever way to move away from ACL's?

Kind regards,
Rutger

Yes, build layer 2 vlans which spans both switches and put a firewall interface in each of the each. Then, use the firewall interface as your default gateway for each of the respective vlan. Perhaps you can just do router on a stick and put your ACLs on the router.

Hi,

We have a Cisco switched network with a number of vlan's. We have two 4006 vtp server switches where the intervlan routing is taking place. On these 4006 switches we have rather big and growing ACL's applied to the different vlan interfaces.
As you know administration of ACL's is a little difficult and not admin friendly. I can do it, but my workmates who do not have very deep network and Cisco knowledge can't.
I'm wondering if we can move the ACL's away from the Cisco switches and put them on an opensource firewall with gui administration?
I'm concerned about performance and wondering if this is a recommended setup or if there is a more clever way to move away from ACL's?

Kind regards,
Rutger