Re: moving sbs network
- From: Dabbler <Dabbler@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 23 Dec 2006 14:50:00 -0800
Dave
So let me recap to see if I understand your topology:
Internet
   |
DSL Modem
   |
TZ170 (no DHCP)        Public wireless w/ DHCP?
   |           OPT            |
   |                   Public Wireless PCs
SBS external
SBS internal (private DHCP)
   |
   |
Private (switch)------
   |                  |
   |           Wireless Access Point (private)
Wired PCs
I guess I'm getting a little confused with your generic terms like public
wireless router, e.g. is that another physical device or just the wireless
feature of the TZ170?
Thanks for any clarification!
Michael
"Dave Nickason [SBS MVP]" wrote:
What I have is the DSL modem (I think mine is actually a router but it
doesn't matter - the Internet connection in whatever form) connected to the
WAN port. The SBS network is connected to the LAN port. In my case, the
public segment is all wireless, so the public wireless router is the DHCP
server for that side. If I allowed wired connections to the public network,
they'd get their IPs from the same device.
I have a private wireless network that is configured with EAP and uses
certificates to connect to the SBS network. It's set in group policy to be
the preferred network on the laptop. Then in the SonicWall, all traffic
from the OPT port to the LAN port is explicitly blocked. So the laptops
connect to the private LAN first and not the public wireless.
"Dabbler" <Dabbler@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5AC97868-AB75-40C4-ABF1-9FF11182162B@xxxxxxxxxxxxxxxx
Dave
Thanks for this info.
Did you mean the DSL modem (not router) connects to the TZ170 WAN port?
What device is acting as the DHCP server for the public segment?
Is this a wireless unit, and in this case wouldn't the WLAN be public? If so,
isn't that a security issue if a laptop connects both wired and wirelessly?
Thanks for further clarification.
"Dave Nickason [SBS MVP]" wrote:
IMO you need a "real" firewall instead of an inexpensive NAT device.
Personally, I'd look at a SonicWall. I have a TZ170 that has an "OPT" port
that acts as a DMZ. So my SBS network is on the main LAN side of the
SonicWall, and my publicly accessible network is on OPT. The SonicWall
explicitly blocks all traffic between the two, so the public users don't
have any access to my LAN.
So what this looks like: the DSL router connects to the TZ170 WAN port.
The SBS external NIC connects to the LAN port. And the publicly available
network (which in my case is wireless) connects to OPT. All the SonicWall
ports and the SBS external NIC are all using fixed IP addresses, so DHCP is
turned off in the SonicWall. The SBS is the DHCP server as it should be,
and the public WAP acts as the DHCP server for the public network.
You'll have to figure out what to do about printers. Without giving it a
lot of thought, I guess I'd put the printer on the public network, punching
a hole in the firewall to allow users from the SBS network to print to the
public network. SonicWall will allow a firewall rule LAN to OPT, so you
don't have to open anything to the Internet for this to work.
SonicWall has the ability to be the VPN end point, although I don't use it
for that. I'd look at their web site to see which model fits closest. It's
been a while since I bought mine, but if I remember right, their pre-sales
support was very good if you have specific questions for them.
"Dabbler" <Dabbler@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A6DED3C0-0A3F-4597-9550-7D4B1304C98C@xxxxxxxxxxxxxxxx
I'm moving an SBS network from a home office to a eral office and need some
advice on changing the topology. The current setup is SBS (standard, no ISA?)
2 NIC configuration with SBS as the VPN endpoint and DHCP server.
I would like to set up the new environment with 2 LANs, one intranet with SBS
for the regular staff and another segment for visitors and possibly renting
out an office to an unrelated party, although it might be nice to share the
printers (which are currently hosted on SBS).
Mobile SBS users will need VPN access to run a COM application on the SBS
server.
Any recommendations on changing the VPN endpoint to a router (we are using a
less expensive Netopia router as we had problems with VPN passthrough on 2
year old Linksys router when we first installed so we are open to purchasing
new router/firewall)? Should I keep the SBS server with 2 NIC config as DHCP
server and what would my topology look like?
Thanks for any suggestions on this.
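
Added example, not part of any post in this thread and not SonicWall configuration syntax: a small Python model of the zone rules described above (OPT to LAN blocked, one LAN to OPT hole for the printer) with an audit that flags rule tables departing from that design. The first-match order, the default-deny fallback, the addresses and the printer port are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str              # source zone: "WAN", "LAN" or "OPT"
    dst: str              # destination zone
    dst_net: str          # destination CIDR; "0.0.0.0/0" means any
    port: Optional[int]   # destination TCP port; None means any
    action: str           # "allow" or "deny"

def decide(rules, src, dst, dst_ip, port, default="deny"):
    """First matching rule wins; unmatched new connections get `default` (assumed)."""
    for r in rules:
        if (r.src, r.dst) == (src, dst) and r.port in (None, port) \
                and ip_address(dst_ip) in ip_network(r.dst_net):
            return r.action
    return default

def audit(rules):
    """Return findings where the table departs from the design in the thread."""
    findings, blocked = [], False
    for n, r in enumerate(rules, 1):
        if (r.src, r.dst) == ("OPT", "LAN"):
            if r.action == "allow" and not blocked:
                findings.append(f"rule {n}: OPT->LAN allow is reachable before the block")
            if r.action == "deny" and r.dst_net == "0.0.0.0/0" and r.port is None:
                blocked = True
        elif (r.src, r.dst, r.action) == ("LAN", "OPT", "allow"):
            if r.port is None or ip_network(r.dst_net).num_addresses > 1:
                findings.append(f"rule {n}: LAN->OPT hole is wider than one host and port")
    if not blocked:
        findings.append("no explicit deny-all from OPT to LAN")
    return findings

# Constructed sample tables; addresses and TCP 9100 (raw printing) are assumptions.
GOOD = [Rule("OPT", "LAN", "0.0.0.0/0", None, "deny"),
        Rule("LAN", "OPT", "192.168.50.10/32", 9100, "allow")]
BAD = [Rule("OPT", "LAN", "192.168.16.2/32", 3389, "allow"),
       Rule("OPT", "LAN", "0.0.0.0/0", None, "deny"),
       Rule("LAN", "OPT", "192.168.50.0/24", None, "allow")]

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(table) or "matches the described design")
```

The same two checks can be applied by hand to the rule list exported from the firewall: nothing from OPT to LAN may be allowed ahead of the block, and the printer exception should name one host and one port.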