Wednesday, February 19, 2020

Hair-pinning Network

I've got a complicated question... I am creating a BYOD network on our higher-ed campus. I've got devices that aren't AD-joined/university-owned (e.g. a student's cell phone) set up to go to a stricter network using Google DNS, cutting them off from resources they don't need. I take it from a 10.x.x.x and NAT it out to our public IP space in the PA firewalls. From there I'd like the traffic to be seen as outside/internet traffic if resources are needed from servers on our campus coming back in. Currently, we have rules between zones allowing it to cut over to a server, and the connection is seen as an inside zone. Is there a way with routing to easily hairpin that traffic back, or does anyone do something similar?

We have a PA firewall and an outside router beyond it that could be used. I'm trying to figure out how to route/hairpin it to get things working as they should: basically, take NATed connections that go out and hairpin them back in as though they were a random Joe on the internet. We have rules in place allowing access from the internet now, so that part's there and working.

Example:

Want:

Untrust/Internet Zone to Campus Web Server

Currently Have:

BYOD Zone to Campus Web Server

Open to any questions/clarifications/criticism on the idea.
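To show why the flow shows up as BYOD-to-inside rather than Untrust-to-inside, here is an added example (a small Python model written for this post, not PAN-OS configuration and not from the original author) of zone-based policy evaluation: the source zone is the zone of the ingress interface, NAT rules are matched on the pre-NAT destination's zone, and the destination zone for security policy comes from a route lookup on the post-NAT destination. All addresses (RFC 1918 and RFC 5737 documentation ranges), zone names, pool addresses and rules are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# --- Constructed topology (documentation ranges, not the poster's real addresses) ---
# Routing table as (prefix, zone of the egress interface); longest prefix wins.
ROUTES = [
    ("10.10.0.0/16", "trust"),       # campus servers
    ("10.50.0.0/16", "byod"),        # BYOD clients
    ("203.0.113.0/24", "untrust"),   # campus public space, connected on the outside interface
    ("0.0.0.0/0", "untrust"),        # default route toward the outside router
]


@dataclass
class NatRule:
    from_zone: str                 # ingress zone ("any" matches all)
    to_zone: str                   # zone from a route lookup of the PRE-NAT destination
    dst: Optional[str] = None      # pre-NAT destination to match (None = any)
    new_src: Optional[str] = None  # source translation
    new_dst: Optional[str] = None  # destination translation


NAT_RULES = [
    # BYOD clients leave through a public pool address (hypothetical value)
    NatRule("byod", "untrust", new_src="203.0.113.10"),
    # Public address of the campus web server is forwarded to its inside address
    NatRule("any", "untrust", dst="203.0.113.80", new_dst="10.10.0.80"),
]


@dataclass
class SecurityRule:
    from_zone: str       # ingress zone
    to_zone: str         # POST-NAT destination zone
    dst: Optional[str]   # PRE-NAT destination address (None = any)
    action: str


SECURITY_RULES = [
    SecurityRule("untrust", "trust", "203.0.113.80", "allow"),  # the existing "internet -> web server" rule
    SecurityRule("byod", "untrust", None, "allow"),             # BYOD may reach the internet
    SecurityRule("byod", "trust", None, "deny"),                # BYOD must not reach campus servers directly
]


def route_zone(ip: str) -> str:
    """Longest-prefix-match route lookup; returns the zone of the egress interface."""
    addr = ipaddress.ip_address(ip)
    best = max(
        (ipaddress.ip_network(p) for p, _ in ROUTES if addr in ipaddress.ip_network(p)),
        key=lambda n: n.prefixlen,
    )
    return next(z for p, z in ROUTES if ipaddress.ip_network(p) == best)


def apply_nat(src_zone: str, src_ip: str, dst_ip: str):
    """Apply every matching NAT rule cumulatively (a simplification of real NAT processing).
    Rules are matched on the ingress zone and the zone of the ORIGINAL destination."""
    orig_dst = dst_ip
    pre_nat_dst_zone = route_zone(orig_dst)
    for r in NAT_RULES:
        if r.from_zone not in ("any", src_zone) or r.to_zone != pre_nat_dst_zone:
            continue
        if r.dst is not None and r.dst != orig_dst:
            continue
        if r.new_src:
            src_ip = r.new_src
        if r.new_dst:
            dst_ip = r.new_dst
    return src_ip, dst_ip


def evaluate(ingress_zone: str, src_ip: str, dst_ip: str) -> dict:
    """Model assumptions: source zone = ingress zone; destination zone = route lookup of the
    post-NAT destination; security rules match pre-NAT addresses and post-NAT zones."""
    post_src, post_dst = apply_nat(ingress_zone, src_ip, dst_ip)
    dst_zone = route_zone(post_dst)
    action = "deny"  # implicit interzone deny when nothing matches
    for r in SECURITY_RULES:
        if r.from_zone == ingress_zone and r.to_zone == dst_zone and r.dst in (None, dst_ip):
            action = r.action
            break
    return {"src_zone": ingress_zone, "dst_zone": dst_zone,
            "post_nat": (post_src, post_dst), "action": action}


def byod_direct() -> dict:
    """A phone at 10.50.1.25 hits the server's public address straight from the BYOD zone."""
    return evaluate("byod", "10.50.1.25", "203.0.113.80")


def via_outside_router() -> dict:
    """The same flow after it left toward the outside router and re-entered on the untrust
    interface (source already translated to the pool address)."""
    return evaluate("untrust", "203.0.113.10", "203.0.113.80")


if __name__ == "__main__":
    print("direct from BYOD:", byod_direct())
    print("hairpinned via outside router:", via_outside_router())
```

The model makes the constraint visible: as long as the phone's packet enters on the BYOD interface, no NAT rule changes its source zone, so the BYOD-to-trust rule is what gets evaluated (and the existing Untrust-to-server rule never matches). Only in the second scenario, where the packet has actually gone out to the outside router and come back in on the untrust interface, does it evaluate as Untrust-to-trust and hit the rule that is already in place for internet clients. Real firewalls differ in the details (for instance, whether several NAT rules can apply to one flow), so treat the code as a way to reason about zones, not as product behaviour.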


