Friday, March 16, 2018

[HELP] Can someone please help me set up a secure Mikrotik CRS109 for a POS network?

Hello all and thanks in advance for any help that you can provide!

This is going to be a somewhat complex request and I will be asking for a lot and for help with a lot. As such, I would be willing to compensate anyone willing and able to help. TLDR: I need a Mikrotik CRS109 router securely configured for a POS environment.

Anyway, on to the problem.

My parents own a small retail space. Their credit card processor has told them that they need to upgrade and segment their network so that they can meet PCI (payment card industry) compliance standards or else risk a monthly fine until the network passes compliance standards.

The processor recommended the Mikrotik CRS109-8G-1S-2HnD-IN as a solution for segmenting the network and securing the POS (point of sale) side of the network. The only problem is they offer NO support and NO direction on how to actually do this on this particular router.

I have been scouring the internet and have even had my brother post questions here looking for answers but everything seems so complex and daunting.

If you've read this far, perhaps you can help us. The requirements are as follows:

Eth1 interface would be used as the main internet connection.
Eth2 interface would be used as the POS port set up on a 192.168.10.0/24 scheme. This port would need to be set up as a secured (no internet access save a few whitelisted domains) port and would connect to a dummy switch that houses the POS/payment terminals. The WAN1 interface on the CRS109 would also have to be tied into the Eth2 interface domain and be secured the same so that handheld terminals can connect and communicate with the POS desktops.
Eth3 interface would be an open DHCP enabled port set up on a 192.168.100.0/24 scheme and would be used for the general purpose office computers.
Eth4 interface would be used for the public wifi router, open and DHCP enabled on a 192.168.50.0/24 scheme.
Eth5 would be used as an emergency backup internet port. There are two ISP modems in this location and one is used ONLY in the event the other goes down.
Eth6 would be my management port. Just a port I can plug into to manage the router should anything start acting up.
Eth7/8 will not be used in this current setup

The kicker in all this is that each interface port (minus Eth6) must be COMPLETELY ISOLATED from the other ports. Each port must act as its own separate network.

HERE is a link to a simple diagram I made to illustrate the network a bit.

If anyone could make a configuration file for me to load with the settings or help walk me through setting this up myself, both me and my parents would GREATLY appreciate it.

Thank you all in advance!
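
The wired part of the segmentation requested above, sketched as a RouterOS firewall configuration. This is an added example, not part of the original post and not a complete or PCI-validated configuration. It assumes ether1 to ether6 are standalone routed ports (removed from any bridge or switch group), RouterOS 6.36 or later, the router acting as DNS resolver for each segment, and a placeholder whitelist entry `processor.example.com`; wireless, DHCP servers and WAN failover are left out.

```routeros
# Added example. Gateway addresses (.1) and the whitelist entry are assumptions.
/ip address
add address=192.168.10.1/24 interface=ether2 comment="POS"
add address=192.168.100.1/24 interface=ether3 comment="Office"
add address=192.168.50.1/24 interface=ether4 comment="Public WiFi"

/interface list
add name=WAN
add name=SEGMENTS
/interface list member
add list=WAN interface=ether1
add list=WAN interface=ether5
add list=SEGMENTS interface=ether2
add list=SEGMENTS interface=ether3
add list=SEGMENTS interface=ether4

# Destinations the POS segment may reach (placeholder name, replace with
# the hosts the card processor documents)
/ip firewall address-list
add list=pos-allowed address=processor.example.com comment="placeholder"

/ip firewall filter
# Forward chain: first match wins, final rule is default deny
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept in-interface=ether2 \
    out-interface-list=WAN dst-address-list=pos-allowed comment="POS whitelist"
add chain=forward action=drop in-interface=ether2 comment="POS: all else"
add chain=forward action=accept in-interface=ether3 out-interface-list=WAN
add chain=forward action=accept in-interface=ether4 out-interface-list=WAN
add chain=forward action=drop comment="Default deny, blocks inter-segment"

# Input chain: router management only from ether6; apply while plugged
# into ether6 to avoid locking yourself out
add chain=input action=accept connection-state=established,related
add chain=input action=accept in-interface=ether6 comment="Management port"
add chain=input action=accept in-interface-list=SEGMENTS protocol=udp \
    dst-port=53,67 comment="DNS and DHCP to the router"
add chain=input action=drop comment="No other access to the router"

/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=WAN
```

Because no rule accepts traffic from one segment interface to another, the final forward drop isolates the POS, office and public networks from each other. The router resolves the whitelisted name into IP entries itself, so a processor endpoint that rotates addresses should be checked against the list after changes.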


