One firewall creating multiple networks that can not see eachother

Question

I would like to configure a network like this:

&nbsp;
Using the SRX5308 firewall and a netgear switch with VLAN support.&nbsp;
This should be simple, but i can not find any way in the manual of the SRX to configure so that each VLAN can reach the internet but none of the VLANS can see eachother. Additionally i can not determine if i can create firewall rules in the SRX that will be specific for one VLAN (say i wanted to open certain traffic to one VLAN and not to another.)
The reason for this setup is that i want to divide a network in a small company for security reasons, and i do not want to use multiple firewalls as that leaves me with double-nat problems later on.&nbsp;
&nbsp;
Thanks for any help in advance :-)
&nbsp;
Best regards
Kristoffer
&nbsp;
Can someone verify if this can be done

schumaku · Answer

Kristoffer,
&nbsp;
As of writing, it appears the BR500 is able to handle four VLAN (when I get it right one per switch port!), and just a total of four IP subnets with DHCP services only - three are predefined (admin, guest, IPTV), and one is "freely" available.
&nbsp;
The BR5000 5.1.0.14 firmware release notes are very optimistically stating
&nbsp;

VLAN. VLAN with the DHCP server on each subnet is supported.

The spec'ed 256 VLANs are out of reach - certainly for the next few months - as per some direct communication.
&nbsp;
Reads to me like Netear has implemented the same ***** router engine we know to be cumbersome on consumer products like Nighthawk, Orbi, or Orbi Pro.
&nbsp;
Aside, it appears they used (uniquely) a Web component from Ali which does establish a connection to AliPay - at least here we got a promise that this component will be pulled. Timer is ticking.
&nbsp;
Netgear might want to&nbsp;provide additional information&nbsp;YeZ
&nbsp;
Not impressed at all&nbsp;- in fact a 100% failure for now. This BR500 is not ready for prime time, and it does not fit into the Insight environment as intended by the top management&nbsp;johngm&nbsp;please.&nbsp;
&nbsp;
Regards,
-Kurt

schumaku · Answer

Kristoffer,
&nbsp;
With all due respect - using a no longer supported device should deny the intended project.
&nbsp;
Regards,
-Kurt

Lippert · Answer

&nbsp;
&nbsp;
I don't see this model as no longer supported as it's still listed and you can buy it in the shops?
https://www.netgear.com/business/products/security/SRX5308.aspx
&nbsp;
However have you got a different firewall that you know will actually do the job?
&nbsp;
Best regards
Kristoffer

schumaku · Answer

https://www.netgear.com/support/product/SRX5308.aspx
&nbsp;
Attention:
NETGEAR Inc. will terminate the ProSAFE VPN Firewalls on September 1, 2017. The last software update for these products was provided in&nbsp;April 2017. NETGEAR Inc. will continue to honor valid warranty claims for all ProSAFE VPN Firewall devices purchased from an authorized reseller. To complete the full exit from the product line, NETGEAR Inc. will no longer provide ProSAFE VPN Firewall software support or subscription updates for any ProSAFE VPN Firewall devices after September 1, 2017.
&nbsp;
Also on the page you referred:
&nbsp;

&nbsp;
&nbsp;
Netgear has recently&nbsp;launched the BR500 router ... what appears to be a small step into the right direction. Lack of personal experience with this device, I refuse to suggest getting one here. As of writing, it appears to be point solution for some K.I.S.S. VPN connection between&nbsp;different sites, plus some...

Lippert · Answer

You're right. the BR500 is the new one, however i still don't see any evidence that it's able to do the required job.
&nbsp;
Which leaves me with my quesiton still standing. Any input would be&nbsp;highly&nbsp;appreciated.
&nbsp;

Forum Discussion

One firewall creating multiple networks that can not see eachother

9 Replies

Attention:

Related Content

Creating a New Discussion

Computers in Network Cannot Access Eachother

Differences in speed in 2 tests done directly after eachother

RS700 firewall

Use PR60X for firewall

NETGEAR Academy

ProSupport for Business