Problem solve Get help with specific problems with your technologies, process and projects.

Securing three LANs at one access point

I have one Internet access point and three LANs, L1 (most secure), L2 (secure), L3 (normal), that I need to secure...

from the Internet and from each other. I have a Watchguard Firebox II firewall that divides the inside network in two.I can connect L1 and L2 to each interface and secure them, but how about L3? How can I connect it to the same Internet access point and at the same time keep it secure? What are the different alternatives? I would appreciate any advice you could give.

Not knowing exactly what firebox model you are using will make this answer more generic than specific to your needs. Your question leads me to believe you have only three interfaces, thus one for the external and two for the internals. I'll assume you want to keep costs down and provide maximum benefits.

Most typical firewall configurations of this type will use a router inside the firewall to connect several internal segments. Another solution may be a switch that will VLAN the segments, thus you could have all internal three segments connected to the router/switch, then into the Firebox. These devices could be configured with rules to allow/deny certain traffic/routing. The firewall rules would allow filtering of traffic into your system and the backend router/switch would allow routing of the traffic after the firewall.

Other considerations could be the use of NAT and static routes on the firewall. If I've understood your question, routers or switches may accomplish your task without the need to purchase or upgrade your current firewall. The router/switch doesn't need to be top of the line, but should have the ability to restrict traffic. Ensure all unnecessary services are disabled (Telnet, SNMP, FTP., etc.) and you configured the devices with secure passwords.

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Infrastructure and Network Security

This was last published in February 2002

Dig Deeper on Network Access Control technologies

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.