One firewall creating multiple networks that can not see each other
I would like to configure a network like this:
Using the SRX5308 firewall and a Netgear switch with VLAN support.
This should be simple, but I can not find any way in the manual of the SRX to configure it so that each VLAN can reach the internet but none of the VLANs can see each other. Additionally, I can not determine if I can create firewall rules in the SRX that will be specific to one VLAN (say I wanted to open certain traffic to one VLAN and not to another).
The reason for this setup is that I want to divide a network in a small company for security reasons, and I do not want to use multiple firewalls as that leaves me with double-NAT problems later on.
Thanks for any help in advance 🙂
Best regards
Kristoffer
Can someone verify if this can be done?
Re: One firewall creating multiple networks that can not see eachother
Kristoffer,
With all due respect - using a no longer supported device should deny the intended project.
Regards,
-Kurt
Re: One firewall creating multiple networks that can not see eachother
I don't see this model as no longer supported as it's still listed and you can buy it in the shops?
https://www.netgear.com/business/products/security/SRX5308.aspx
However, have you got a different firewall that you know will actually do the job?
Best regards
Kristoffer
Re: One firewall creating multiple networks that can not see eachother
https://www.netgear.com/support/product/SRX5308.aspx
Attention:
NETGEAR Inc. will terminate the ProSAFE VPN Firewalls on September 1, 2017. The last software update for these products was provided in April 2017. NETGEAR Inc. will continue to honor valid warranty claims for all ProSAFE VPN Firewall devices purchased from an authorized reseller. To complete the full exit from the product line, NETGEAR Inc. will no longer provide ProSAFE VPN Firewall software support or subscription updates for any ProSAFE VPN Firewall devices after September 1, 2017.
Also on the page you referred:
Netgear has recently launched the BR500 router ... what appears to be a small step in the right direction. Lacking personal experience with this device, I refuse to suggest getting one here. As of writing, it appears to be a point solution for some K.I.S.S. VPN connection between different sites, plus some...
Re: One firewall creating multiple networks that can not see eachother
You're right, the BR500 is the new one, however I still don't see any evidence that it's able to do the required job.
Which leaves me with my question still standing. Any input would be highly appreciated.
Re: One firewall creating multiple networks that can not see eachother
Can you please line out the "networks that can see each other" in some more words and applications?
Pure routing is one thing - leaving the performance alone, it's relatively easy to achieve. Lots of apps and IoT devices require the devices to be in the very same TCP/IP subnetwork - device discovery, service announcements, ... often depend on plain IPv4 broadcast, sometimes some very-magic L2 is used ... and even the Bonjour stuff does often not work over different L2 segments and subnets.
From discussions and presentations with NTGR people ref. the BR500 we discovered that some features are not covered by the documentation (the initial User Manual), and probably other tech features from the marketing list might be not available initially. Thus it's all a little bit digging in the dark.
Re: One firewall creating multiple networks that can not see eachother
What I mean is two separate networks. So they will act as if they are independent networks going out to the internet separately, but through one firewall.
Pretty much as the drawing shows. Devices on one network are under no circumstances able to send or receive traffic from other networks without going out through the firewall and hitting the internet first.
I just went through the BR500 manual, but it doesn't really show any such configurations. There is a bit about firewall rules and VLAN setup, but not enough to clearly give an indication of whether the illustrated setup above is possible.
Otherwise I'll have to go with a Cisco ASR box as that clearly has the capability.
BR
Kristoffer
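The design asked for in the opening post and restated above (several VLANs behind one firewall, each VLAN allowed out to the internet, no VLAN allowed to reach another, plus a per-VLAN exception) is really a forwarding policy, and it can be written down and checked before any box is bought. The following is an added illustration of that policy as a small Python model; it is not code from this thread and not SRX5308 or BR500 configuration. The VLAN IDs, the 192.168.x.0/24 subnets and the "office may print on the printer VLAN" exception are all constructed assumptions.

```python
"""Policy model for the design discussed in this thread: several VLANs behind
one firewall, every VLAN may reach the internet, no VLAN may reach another,
plus a per-VLAN exception. Added illustration, not SRX5308/BR500 configuration;
addresses, VLAN IDs and the printer exception are constructed."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

Net = ipaddress.IPv4Network

# Constructed VLAN plan (assumption; the thread gives no addressing).
VLANS: dict[int, Net] = {
    10: ipaddress.ip_network("192.168.10.0/24"),  # e.g. office workstations
    20: ipaddress.ip_network("192.168.20.0/24"),  # e.g. guests
    30: ipaddress.ip_network("192.168.30.0/24"),  # e.g. printers / IoT
}


@dataclass(frozen=True)
class Rule:
    src_vlan: Optional[int]        # None matches any VLAN
    dst: Union[Net, str]           # a subnet, "internet", or "any"
    proto: Optional[str]           # None matches any protocol
    dport: Optional[int]           # None matches any port
    action: str                    # "allow" or "deny"


# Ordered ruleset, first match wins. Order matters: the per-VLAN exception must
# sit above the general internet rule, and the catch-all deny is last so that
# inter-VLAN traffic (which is never "internet") falls through to it.
RULES = [
    Rule(10, VLANS[30], "tcp", 631, "allow"),     # office may print (IPP) on the printer VLAN
    Rule(None, "internet", None, None, "allow"),  # every VLAN may go out
    Rule(None, "any", None, None, "deny"),        # explicit default deny (inter-VLAN included)
]


def vlan_of(addr: str) -> Optional[int]:
    """VLAN ID whose subnet contains addr, or None for addresses from no VLAN."""
    ip = ipaddress.ip_address(addr)
    return next((vid for vid, net in VLANS.items() if ip in net), None)


def _dst_matches(rule: Rule, dst: ipaddress.IPv4Address) -> bool:
    if rule.dst == "any":
        return True
    if rule.dst == "internet":
        # is_global is False for RFC 1918, loopback, link-local and multicast,
        # so a neighbouring private subnet never counts as "the internet".
        return dst.is_global
    return dst in rule.dst


def forward_decision(src: str, dst: str, proto: str = "tcp", dport: Optional[int] = None) -> str:
    """Decide a NEW flow arriving on a VLAN interface. Reply packets are assumed
    to be admitted by connection tracking, so only the initiating direction is
    evaluated here."""
    src_vlan = vlan_of(src)
    if src_vlan is None:
        return "deny"  # address not belonging to any VLAN: drop, do not route
    dst_ip = ipaddress.ip_address(dst)
    for rule in RULES:
        if rule.src_vlan not in (None, src_vlan):
            continue
        if not _dst_matches(rule, dst_ip):
            continue
        if rule.proto not in (None, proto):
            continue
        if rule.dport not in (None, dport):
            continue
        return rule.action
    return "deny"  # no rule matched: implicit deny


def isolation_report() -> list[tuple[int, int, str, Optional[int]]]:
    """Probe every ordered VLAN pair with a few sample flows and return the
    ones the policy lets through; anything beyond the intended exception is a leak.
    Broadcast and link-local multicast (e.g. mDNS on 224.0.0.251) are not
    probed: a router never forwards them between segments, which is why
    discovery-based apps break across VLANs regardless of policy."""
    samples = [("tcp", 80), ("tcp", 445), ("tcp", 631), ("udp", 5353), ("icmp", None)]
    crossings = []
    for a, a_net in VLANS.items():
        for b, b_net in VLANS.items():
            if a == b:
                continue
            for proto, port in samples:
                if forward_decision(str(a_net[10]), str(b_net[10]), proto, port) == "allow":
                    crossings.append((a, b, proto, port))
    return crossings


if __name__ == "__main__":
    print("office -> internet DNS:", forward_decision("192.168.10.5", "8.8.8.8", "udp", 53))
    print("guest -> office SMB:  ", forward_decision("192.168.20.5", "192.168.10.5", "tcp", 445))
    print("inter-VLAN crossings: ", isolation_report())
```

Whatever product ends up doing the job, the ruleset it needs has the same shape: a default deny on forwarding between the VLAN interfaces, one rule per VLAN towards the WAN, and any per-VLAN exception placed above the general rules. The isolation_report() loop is the check worth keeping around, because the one thing that silently defeats this design is an "allow LAN to LAN" style rule that matches before the deny.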
Re: One firewall creating multiple networks that can not see eachother
@Lippert wrote:
Pretty much as the drawing shows. Devices on one network are under no circumstances able to send or receive traffic from other networks without going out through the firewall and hitting the internet first.
In my understanding the BR500 (comparably inexpensive) should be able to handle multiple VLANs with dedicated subnetworks - in both the Web management as well as the Insight management mode.
Re: One firewall creating multiple networks that can not see eachother
About the BR500 - is there any way of verifying that it is capable of running multiple VLANs?
Aside from buying one and trying it out? I've been through the manual, but it's not clear to me if that is really an option or not.
Best regards
Kristoffer
Re: One firewall creating multiple networks that can not see eachother
Kristoffer,
As of writing, it appears the BR500 is able to handle four VLANs (if I get it right, one per switch port!), and just a total of four IP subnets with DHCP services only - three are predefined (admin, guest, IPTV), and one is "freely" available.
The BR500 5.1.0.14 firmware release notes are very optimistically stating:
- VLAN. VLAN with the DHCP server on each subnet is supported.
The spec'ed 256 VLANs are out of reach - certainly for the next few months - as per some direct communication.
Reads to me like Netgear has implemented the same ***** router engine we know to be cumbersome on consumer products like Nighthawk, Orbi, or Orbi Pro.
Aside, it appears they used (uniquely) a Web component from Ali which does establish a connection to AliPay - at least here we got a promise that this component will be pulled. Timer is ticking.
Netgear might want to provide additional information @YeZ
Not impressed at all - in fact a 100% failure for now. This BR500 is not ready for prime time, and it does not fit into the Insight environment as intended by the top management @johngm please.
Regards,
-Kurt