How to set up network

[pmark]

Hi all,

I'm trying to secure our company's network and I'm not so sure which devices we need. We have 3 groups of computers/servers. Computers from each group should not have access to the other groups computers. I was thinking that I would need to setup VLANs or just use separate subnets for this, but I'm unsure on which one. I also need to provide VPN access separately to each computer group. All of these computers need to be behind a firewall.

From reading the previous posts, it seems like I would need a Juniper SRX100, fortigate 60c, or a Cisco ASA 5505. Is that all that I would need? Would that one device be able to handle the firewall, VLANs, and VPN access? I want something that isn't going to require a lot of upkeep as I'll be the one supporting it (and I don't want to spend too much time maintaining it)

Thanks!

 

[drebo]

Hire someone to do it for you. You'll save yourself a hell of a lot of headache.

VLANs themselves will not prevent L3 traffic, particularly if you want all three VLANs to share the same Internet connection. You need to restrict that traffic with ACLs.

An ASA5505 cannot trunk VLANs without the Sec+ license, which prices it far above the competition (you can get around this with a L3 switch, but then you're really above the competition). My recommendation would be the Juniper SRX100B.

 

[yinan]

Just use one subnet and create a domain and use Windows permissions to separate access.

 

[pmark]

Just use one subnet and create a domain and use Windows permissions to separate access.

I forgot to mention that one of the servers is a Linux machine so using just Windows permissions won't work.

 

[yinan]

Linux can integrate with AD/LDAP. But anyways with the LINUX server if you dont integrate it users wont have permissions to access it. Separate networks really seems like overkill for this situation.

 

[Tbirdkid]

Not so sure i believe in the single subnet idea. Reason being, whether or not they are running UC in this network, or whatever. I have always seperated printer, phone, and server traffic from standard day to day traffic. Honestly, without doing an assessment on what all you need, we would be winging it. However, I almost always recommend at least a Cisco ASA 5505 for its Vlan management, firewalling, and vpn connectivity. Especially with an outside static ip.

Im with Drebo, hire someone if you dont know how to setup an ASA.

 

[mancy]

Hi,

Check out the following information to set up a network :

http://www.makeuseof.com/tag/set-network-domain/