Friday, June 4, 2021

Vendor Routing subnet?

Our need to support "Secure Vendor Comms" (and house their devices because "Our flavor of VPN is sooo special that you need to buy our direct sourced Cisco/Fortigate/SonicWall/Netgate device at highly inflated cost so the magic packets don't fall out!") is growing substantially, and is leading to a rethink on how our network is organized.

Currently we have 3 main subnets - Servers/Routers, Users, Wifi. A few more for direct vendor access equipment, but that's not important. Generally the vendor comms are done through static routes on 1 or 2 servers that require it, but recently we have added some as general routes for all servers/PCs as required.

One vendor in particular is getting really bent out of shape that the device they forced us to implement isn't our primary gateway for all internal networks. They're clearly used to being the only vendor for very small shops. They have somewhat founded concerns about ICMP redirects.

So - am I off base to think about implementing a subnet just for these vendor supplied routers? How is this handled elsewhere?
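The ICMP redirect concern and the dedicated vendor subnet idea above, as an added example that is not part of the original post: a small Python model of an internal gateway that reports when it would send a redirect. The `Gateway` class, interface names and all addresses are constructed for illustration, and the redirect test is the simplified condition from RFC 1812 section 5.2.7.2.

```python
import ipaddress as ip

class Gateway:
    """Hypothetical model of the primary internal gateway (not a real device API)."""

    def __init__(self, interfaces, routes):
        # interfaces: {name: connected subnet}; routes: [(destination prefix, next hop)]
        self.interfaces = {n: ip.ip_network(s) for n, s in interfaces.items()}
        self.routes = [(ip.ip_network(d), ip.ip_address(nh)) for d, nh in routes]

    def iface_for(self, addr):
        """Name of the interface whose connected subnet contains addr, or None."""
        for name, net in self.interfaces.items():
            if addr in net:
                return name
        return None

    def forward(self, src, dst):
        """Return (next_hop, redirect_expected) for a packet from src to dst."""
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        matches = [(d, nh) for d, nh in self.routes if dst in d]
        if not matches:
            return None, False
        # Longest-prefix match picks the route.
        _, next_hop = max(matches, key=lambda r: r[0].prefixlen)
        ingress, egress = self.iface_for(src), self.iface_for(next_hop)
        # Simplified RFC 1812 5.2.7.2 condition: the packet leaves by the
        # interface it arrived on, so the sender is on-link with the next hop.
        return str(next_hop), ingress is not None and ingress == egress

VENDOR_DEST = "192.0.2.0/24"  # constructed vendor-side network (documentation range)

# Layout A: vendor router sits on the server subnet next to the gateway.
shared = Gateway(
    {"servers": "10.0.10.0/24", "users": "10.0.20.0/24"},
    [(VENDOR_DEST, "10.0.10.250")],
)

# Layout B: vendor router sits alone on a small dedicated subnet.
dedicated = Gateway(
    {"servers": "10.0.10.0/24", "users": "10.0.20.0/24", "vendor": "10.0.99.0/29"},
    [(VENDOR_DEST, "10.0.99.2")],
)

if __name__ == "__main__":
    for name, gw in (("shared", shared), ("dedicated", dedicated)):
        for src in ("10.0.10.15", "10.0.20.15"):
            print(name, src, gw.forward(src, "192.0.2.40"))
```

In the shared layout only hosts on the same subnet as the vendor router trigger redirects; in the dedicated layout the gateway always forwards between interfaces, so none are generated.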
