
How to set up network

pmark

Senior member
Hi all,

I'm trying to secure our company's network and I'm not so sure which devices we need. We have 3 groups of computers/servers. Computers from each group should not have access to the other groups' computers. I was thinking that I would need to set up VLANs or just use separate subnets for this, but I'm unsure on which one. I also need to provide VPN access separately to each computer group. All of these computers need to be behind a firewall.

From reading the previous posts, it seems like I would need a Juniper SRX100, FortiGate 60C, or a Cisco ASA 5505. Is that all that I would need? Would that one device be able to handle the firewall, VLANs, and VPN access? I want something that isn't going to require a lot of upkeep as I'll be the one supporting it (and I don't want to spend too much time maintaining it).

Thanks!
 
Hire someone to do it for you. You'll save yourself a hell of a lot of headache.

VLANs themselves will not prevent L3 traffic, particularly if you want all three VLANs to share the same Internet connection. You need to restrict that traffic with ACLs.

An ASA5505 cannot trunk VLANs without the Sec+ license, which prices it far above the competition (you can get around this with an L3 switch, but then you're really above the competition). My recommendation would be the Juniper SRX100B.
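
The point in the reply above, that routed VLANs sharing one Internet connection are not isolated until an ACL says so, shown as an added example that is not part of the original thread. The subnets, rule format and function names are all constructed for illustration, and the check tests one representative host per group against a first-match rule list rather than any vendor's actual ACL syntax.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan (assumption): one subnet per VLAN/group.
GROUPS = {
    "group_a": ipaddress.ip_network("10.0.10.0/24"),
    "group_b": ipaddress.ip_network("10.0.20.0/24"),
    "group_c": ipaddress.ip_network("10.0.30.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
INTERNET_HOST = ipaddress.ip_address("203.0.113.10")  # documentation range

# Gateway routes between the VLANs with no filtering: everything is forwarded.
ROUTED_NO_ACL = [("permit", ANY, ANY)]
# Deny internal-to-internal first, then let the remainder out to the Internet.
# Traffic inside one VLAN is switched at L2 and never reaches these rules.
ROUTED_WITH_ACL = [("deny", INTERNAL, INTERNAL), ("permit", ANY, ANY)]


def evaluate(rules, src, dst):
    """First-match evaluation with an implicit deny at the end."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def first_host(net):
    """Representative host used to probe a subnet."""
    return next(iter(net.hosts()))


def isolation_violations(rules, groups=GROUPS):
    """Return (src_group, dst_group) pairs whose traffic the rules permit."""
    return [(a, b) for a, b in permutations(groups, 2)
            if evaluate(rules, first_host(groups[a]), first_host(groups[b])) == "permit"]


def internet_reachable(rules, groups=GROUPS):
    """True if every group can still reach the sample Internet host."""
    return all(evaluate(rules, first_host(n), INTERNET_HOST) == "permit"
               for n in groups.values())


if __name__ == "__main__":
    for name, rules in (("no ACL", ROUTED_NO_ACL), ("with ACL", ROUTED_WITH_ACL)):
        print(name, isolation_violations(rules), internet_reachable(rules))
```
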
 
Linux can integrate with AD/LDAP. But anyways, with the Linux server, if you don't integrate it, users won't have permissions to access it. Separate networks really seems like overkill for this situation.
 
Not so sure I believe in the single subnet idea. Reason being, whether or not they are running UC in this network, or whatever. I have always separated printer, phone, and server traffic from standard day to day traffic. Honestly, without doing an assessment on what all you need, we would be winging it. However, I almost always recommend at least a Cisco ASA 5505 for its VLAN management, firewalling, and VPN connectivity. Especially with an outside static IP.

I'm with Drebo, hire someone if you don't know how to set up an ASA.
 