Firewall segmentation
I have a small municipal network of about 20 PCs with a Server 2016 with AD, and an IP network of 192.168.1.x.
We have a 24 port unmanaged network switch as the main switch.
One port runs to another unmanaged 5 port switch where all of the Police Dept PCs are plugged in.
We are implementing new software in the police department that requires that a firewall be between the switch in the PD and the main switch (effectively segmenting the traffic).
I'd like to keep using our DHCP on the server. Is there a switch that has a built-in firewall that would do this instead of putting in a router and having a different IP addressing scheme?
Re: Firewall segmentation
Hi Kellysmith120,
Unmanaged switches won't help you to create a firewall. Since the Win2016 server acts as the DHCP server, you can also create a Windows firewall using the server.
Re: Firewall segmentation
I'm aware that an unmanaged switch as we have won't do it. I can't have the firewall on the server (although there is one there), it must be between the main switch and the switch for the police department.
Is there a firewall appliance that will sit between these two switches to satisfy the requirement for the software? Or will I have to use a router in order to have a firewall there?
Re: Firewall segmentation
This is probably late, but you'll need them both to be on different subnets, with a routing device between the two and can then control traffic in one of two ways:
1) ACLs, dictating which addresses and ports are allowed or not.
2) Stateful firewall, which tracks every connection and is much more hardened.
The first can be done on any standard router (including a switch with L3 routing); the second needs a dedicated firewall device or a router with a built-in firewall feature (or, theoretically, a firewall blade on a bladed switch).
So you'll either need to replace your first unmanaged switch with an L3 switch, or install a router placed into classical routing mode between the two existing unmanaged switches. And, to be honest, the router is usually cheaper. 🙂
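To make the ACL-versus-stateful distinction in the reply above concrete, here is an added Python model that is not from this thread or any vendor's firmware. It assumes the PD switch is moved onto a second subnet (192.168.2.0/24 is a constructed choice) and that PD PCs need LDAP (389) to the AD server; the point it shows is that a stateless ACL has to open a broad return-traffic rule, while a stateful firewall admits only replies to connections it has already seen.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the thread): the main network keeps
# 192.168.1.0/24 and the PD switch moves behind the routing device onto 192.168.2.0/24.
MAIN_NET = ip_network("192.168.1.0/24")
PD_NET = ip_network("192.168.2.0/24")
SERVER, PD_PC, OTHER_PC = "192.168.1.10", "192.168.2.20", "192.168.1.50"

# A packet is (src_ip, src_port, dst_ip, dst_port, is_new_connection)
def acl_permits(pkt, rules):
    """Stateless ACL: judge each packet on addresses/ports alone, first match wins."""
    src, _sport, dst, dport, _new = pkt
    for action, src_net, dst_net, port in rules:
        if ip_address(src) in src_net and ip_address(dst) in dst_net and port in (None, dport):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

class StatefulFirewall:
    """Admits new connections per the ACL and remembers them; replies are matched
    against the connection table instead of needing their own permit rule."""
    def __init__(self, rules):
        self.rules, self.table = rules, set()

    def permits(self, pkt):
        src, sport, dst, dport, new = pkt
        if (dst, dport, src, sport) in self.table:   # reply to a tracked connection
            return True
        if new and acl_permits(pkt, self.rules):     # new flow allowed by policy
            self.table.add((src, sport, dst, dport))
            return True
        return False

# Stateless: to let LDAP replies back in, the ACL must open MAIN_NET -> PD_NET on any port.
STATELESS_RULES = [("permit", PD_NET, MAIN_NET, 389), ("permit", MAIN_NET, PD_NET, None)]
# Stateful: only the outbound LDAP rule is needed; return traffic rides on the table.
STATEFUL_RULES = [("permit", PD_NET, MAIN_NET, 389)]

LDAP_REQUEST = (PD_PC, 50123, SERVER, 389, True)    # PD pc -> AD server
LDAP_REPLY = (SERVER, 389, PD_PC, 50123, False)      # server answers
UNSOLICITED = (OTHER_PC, 4444, PD_PC, 50123, True)   # nobody in PD asked for this

def compare():
    """Return {name: (acl_result, stateful_result)} for the three constructed packets."""
    fw = StatefulFirewall(STATEFUL_RULES)
    out = {}
    for name, pkt in [("request", LDAP_REQUEST), ("reply", LDAP_REPLY), ("unsolicited", UNSOLICITED)]:
        out[name] = (acl_permits(pkt, STATELESS_RULES), fw.permits(pkt))
    return out

if __name__ == "__main__":
    for name, (acl, st) in compare().items():
        print(f"{name:12s} ACL={'permit' if acl else 'deny'}  stateful={'permit' if st else 'deny'}")
```

The "unsolicited" row is the difference that matters: the stateless ACL's broad return rule lets any main-network host reach a PD PC, while the stateful table drops it because no PD host opened that connection.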