network design to segregate public and staff
Posted
by
barb
on Server Fault
See other posts from Server Fault
or by barb
Published on 2010-12-24T00:29:02Z
Indexed on
2010/12/24
0:56 UTC
Read the original article
Hit count: 665
networking
My current setup has:
- a pfsense firewall with 4 NICs and potential for a 5th
- 1 48 port 3com switch, 1 24 port HP switch, willing to purchase more
- subnet 1) edge (Windows Server 2003 for vpn through routing and remote access) and
- subnet 2) LAN with one WS2003 domain controller/dns/wins etc., one WS2008 file server, one WS2003 running Vipre anti-virus and Time Limit Manager which controls client computer use, and about 50 pcs
I am looking for a network design for separating clients and staff. I could do two totally isolated subnets, but I'm wondering if there is anything in between so that staff and clients could share some resources such as printers and anti-virus servers, staff could access client resources, but not vice versa. I guess what I'm asking is can you configure subnets and/or vlans like this:
- 1)edge for vpn
- 2)services available to all other internal networks
- 3)staff which can access services and clients
- 4)clients which can access services but not staff
By access/non-access, I mean stronger separation than domain usernames and passwords.
© Server Fault or respective owner