Forum Discussion

kellysmith120
Aug 13, 2019

Firewall segmentation

I have a small municipal network of about 20 PCs with a Server 2016 with AD, and an IP network of 192.168.1.x.

We have a 24 port unmanaged network switch as the main switch.

One port runs to another unmanaged 5 port switch where all of the Police Dept pc's are plugged in.

We are implementing new software in the police department that requires a firewall to be between the switch in the PD and the main switch (effectively segmenting the traffic).

I'd like to keep using our DHCP on the server. Is there a switch that has a built-in firewall that would do this instead of putting in a router and having a different IP addressing scheme?

3 Replies

  • Hi Kellysmith120,

    Unmanaged switches won't help you to create a firewall. Since the WIN2016 server is the DHCP server, you can also create a Windows firewall using the server.

    • kellysmith120
      Aspirant

      I'm aware that an unmanaged switch such as the one we have won't do it. I can't have the firewall on the server (although there is one there); it must be between the main switch and the switch for the police department.

      Is there a firewall appliance that will sit between these two switches to satisfy the requirement for the software? Or will I have to use a router in order to have a firewall there?

      • jec956613
        Tutor

        This is probably late, but you'll need them both to be on different subnets, with a routing device between the two, which can then control traffic in one of two ways:

        1) ACLs, dictating which addresses and ports are allowed or not.
        2) Stateful firewall, which tracks every connection and is much more hardened.

        The first can be done on any standard router (including a switch with L3 routing); the second needs a dedicated firewall device or a router with a built-in firewall feature (or, theoretically, a firewall blade on a bladed switch).

        So you'll either need to replace your first unmanaged switch with an L3 switch, or install a router placed into classical routing mode between the two existing unmanaged switches. And, to be honest, the router is usually cheaper. :)
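To make the difference between the two options in the reply above concrete, here is an added illustration that is not part of the thread and not anything NETGEAR or the poster supplied. It models a routing device between a hypothetical police-department subnet (192.168.2.0/24) and the existing 192.168.1.x LAN, with a hypothetical AD server at 192.168.1.10, and runs the same three constructed packets through a stateless ACL and through a stateful filter. The ACL has to carry a second rule keyed on source port so that the server's replies get back, and that rule also admits unsolicited traffic from any main-LAN host that happens to use that source port; the stateful filter only admits packets that belong to a connection it already saw opened from the PD side. All addresses, ports and the policy are assumptions chosen for the example.

```python
"""Toy comparison of a stateless ACL and a stateful firewall placed between
two subnets.  Subnets, addresses and policy are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PD_NET = ip_network("192.168.2.0/24")    # hypothetical police-department subnet
MAIN_NET = ip_network("192.168.1.0/24")  # existing LAN holding the Server 2016 box
SERVER = ip_address("192.168.1.10")      # hypothetical AD/file-server address
SMB = 445                                # the one service PD hosts are allowed to reach


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False  # True on the first packet of a new TCP connection


def acl_allows(pkt: Packet) -> bool:
    """Stateless ACL: judges each packet on its own addresses and ports.

    Rule 1 lets PD hosts open SMB to the server.  Rule 2 is needed so the
    server's replies get back to the PD side, but because the ACL has no
    memory it can only match on 'source port 445', which any main-LAN host
    can satisfy by choosing that source port for unrelated traffic."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if src in PD_NET and dst == SERVER and pkt.dport == SMB:
        return True
    if src in MAIN_NET and dst in PD_NET and pkt.sport == SMB:
        return True
    return False


class StatefulFirewall:
    """Tracks connections; a packet passes only if it opens a permitted
    connection or belongs to one that is already in the table."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def allows(self, pkt: Packet) -> bool:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.table or reverse in self.table:
            return True  # reply or continuation of an established flow
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        if pkt.syn and src in PD_NET and dst == SERVER and pkt.dport == SMB:
            self.table.add(forward)  # remember the flow so replies can return
            return True
        return False  # anything else, including unsolicited inbound, is dropped


def run_scenario() -> dict[str, list[bool]]:
    """Push three constructed packets through both filters and return verdicts."""
    fw = StatefulFirewall()
    pd_to_server = Packet("192.168.2.20", "192.168.1.10", 50000, SMB, syn=True)
    server_reply = Packet("192.168.1.10", "192.168.2.20", SMB, 50000)
    # Unsolicited connection attempt from a main-LAN workstation that happens
    # to use source port 445; the ACL's return-traffic rule lets it through.
    unsolicited = Packet("192.168.1.55", "192.168.2.20", SMB, 3389, syn=True)
    packets = (pd_to_server, server_reply, unsolicited)
    return {
        "acl": [acl_allows(p) for p in packets],
        "stateful": [fw.allows(p) for p in packets],
    }


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(f"{name:9s} {verdicts}")
```

Both filters pass the PD host's SMB request and the server's reply, but only the stateful one drops the third packet, which is the practical meaning of "tracks every connection and is much more hardened" in the reply. On real hardware the equivalent is an ACL on an L3 switch or router for the first case and a router or appliance with connection tracking for the second.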
