Monday, January 7, 2019

Sharing and securing an Internet connection for several small companies. Firewall and/or switch advice?

Hi. I might plunge into a smaller project which is about sharing an Internet link between several small companies (maximum 8) in the same building. I do not have the details yet, but I am pretty sure that this is a business line with a routed subnet. Possibly just a /30 but maybe a /29 and I guess 100 - 250Mbit bandwidth.

To keep things tidy and secure, I think it is a good idea to invest in a good firewall and configure a trunk to a 48 port switch with VLANs. Then do some NAT on the provided public pool of IPs. The main requirement is simply to keep the companies isolated from each other on the local network and provide cabled Internet, and block incoming connections. There is only cabled network to the offices, and no need for a shared wireless network or shared access to some local resources. If it would be possible to let it provide a couple of VPN connections in the future, then that's fine too, but not a strict requirement.

I believe most money should go into the firewall, and less into the switch as long as it is managed. We can surely spend some money on the firewall if the product is good.

Being a long-time Linux user, I know my way in the shell and setting up iptables, routing and network troubleshooting with the typical tools like tcpdump, netcat, hping3, nmap etc. In this case however we have agreed to go for an appliance with a GUI, since another guy on site with some network knowledge also might need to manage it. I do not know much about those appliances, but I think maybe a Cisco ASA might fit the bill? I think the CLI is decent on those too? I do have some experience with Cisco IOS from routers and switches, but that is a long time ago.

If there are some good books, resources and best practices for the device you would recommend as essential, then that is greatly appreciated too. I love to do some reading.
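
The policy described in the post (one VLAN per company on a trunk, no traffic between companies, NAT to the public pool, no unsolicited inbound connections), written out as an nftables ruleset. This is an added example, not part of the original post and not a configuration for the appliance the poster has in mind. Interface names, VLAN IDs, the 10.0.x.0/24 tenant subnets, the 192.0.2.x documentation addresses and the firewall acting as DHCP/DNS server are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name and address below is an assumption.
flush ruleset

define wan = "eth0"
# One 802.1Q subinterface per company on the trunk to the switch (extend to 8).
define tenants = { "eth1.10", "eth1.20", "eth1.30" }

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # Assumption: the firewall hands out DHCP leases and answers DNS.
        iifname $tenants udp dport { 53, 67 } accept
        iifname $tenants tcp dport 53 accept
        # Nothing is accepted from $wan: unsolicited inbound traffic is dropped.
        # Management access (SSH/GUI) belongs on a separate admin interface.
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # The only forwarding path is tenant -> Internet. There is no
        # tenant -> tenant rule, so inter-VLAN traffic hits the drop policy.
        iifname $tenants oifname $wan accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # With a /29, each company can get its own public source address,
        # which keeps abuse reports and blocklist entries attributable.
        oifname $wan ip saddr 10.0.10.0/24 snat to 192.0.2.2
        oifname $wan ip saddr 10.0.20.0/24 snat to 192.0.2.3
        oifname $wan ip saddr 10.0.30.0/24 snat to 192.0.2.4
        # With a /30 there is one usable address: replace the rules above
        # with a single "oifname $wan masquerade".
    }
}
```

The isolation comes from the default-drop forward chain, so it still holds when a new VLAN is added to the trunk but forgotten in the ruleset: that VLAN simply gets no connectivity. The switch side still needs each access port assigned to exactly one tenant VLAN, with only the firewall uplink configured as a trunk.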


