Ask the Expert

Securing three LANs at one access point

I have one Internet access point and three LANs, L1 (most secure), L2 (secure), L3 (normal), that I need to secure from the Internet and from each other. I have a Watchguard Firebox II firewall that divides the inside network in two. I can connect L1 and L2 to each interface and secure them, but how about L3? How can I connect it to the same Internet access point and at the same time keep it secure? What are the different alternatives? I would appreciate any advice you could give.



Not knowing exactly what Firebox model you are using will make this answer more generic than specific to your needs. Your question leads me to believe you have only three interfaces, thus one for the external and two for the internals. I'll assume you want to keep costs down and provide maximum benefits.

Most typical firewall configurations of this type will use a router inside the firewall to connect several internal segments. Another solution may be a switch that will VLAN the segments, thus you could have all three internal segments connected to the router/switch, then into the Firebox. These devices could be configured with rules to allow/deny certain traffic/routing. The firewall rules would allow filtering of traffic into your system and the backend router/switch would allow routing of the traffic after the firewall.

Other considerations could be the use of NAT and static routes on the firewall. If I've understood your question, routers or switches may accomplish your task without the need to purchase or upgrade your current firewall. The router/switch doesn't need to be top of the line, but should have the ability to restrict traffic. Ensure all unnecessary services are disabled (Telnet, SNMP, FTP, etc.) and that you have configured the devices with secure passwords.
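As an added illustration (not part of the original answer), the "router inside the firewall" design above can be expressed as an nftables ruleset for a Linux box acting as the inter-LAN router behind the Firebox: the three LANs arrive on VLAN subinterfaces, each may only initiate traffic toward the firewall, inter-LAN traffic is dropped and logged, and the router itself exposes no Telnet/FTP/SNMP, only SSH from one management host on L1. Interface names, VLAN ids, subnets and the management host address are assumptions.

```shell
#!/bin/sh
# Added example: inter-LAN router behind the Firebox, three VLAN segments.
# All interface names, VLAN ids, subnets and hosts below are assumed values.
UPLINK="eth0"                            # toward the Firebox trusted interface
L1_IF="eth1.10"; L1_NET="10.0.10.0/24"   # L1, most secure
L2_IF="eth1.20"; L2_NET="10.0.20.0/24"   # L2, secure
L3_IF="eth1.30"; L3_NET="10.0.30.0/24"   # L3, normal
MGMT_HOST="10.0.10.5"                    # admin workstation on L1 (assumed)

# Print the ruleset. Apply on the router (as root) with:  gen_ruleset | nft -f -
gen_ruleset() {
cat <<EOF
flush ruleset
table inet segmentation {
    chain forward {
        type filter hook forward priority 0; policy drop;
        # replies belonging to sessions that were already permitted
        ct state established,related accept
        # each LAN may initiate toward the firewall/Internet only; the
        # source must belong to that segment's own subnet (anti-spoofing)
        iifname "$L1_IF" ip saddr $L1_NET oifname "$UPLINK" accept
        iifname "$L2_IF" ip saddr $L2_NET oifname "$UPLINK" accept
        iifname "$L3_IF" ip saddr $L3_NET oifname "$UPLINK" accept
        # anything else, including L1<->L2<->L3, is logged and dropped
        log prefix "inter-lan-drop: " drop
    }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        # no telnet/ftp/snmp on the router: SSH from one L1 host is the
        # only management path; ping is kept for troubleshooting
        iifname "$L1_IF" ip saddr $MGMT_HOST tcp dport 22 accept
        icmp type echo-request accept
    }
}
EOF
}
```

Run `gen_ruleset` to review the generated policy before loading it; hosts on L3 still reach the Internet through the Firebox but get no path to L1 or L2.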




This was first published in February 2002
