We are adding a training room to our internal network. I don't want users on the training network trying to get into our internal system. I want to secure this at the lowest level possible so that ideally the training users wouldn't even be aware of the internal network. However occasionally one of our trusted users will plug into the training room when it is not being used and will need access to the internal network. Not sure how I can do this.
I guess I am looking at 2 subnets with a switch for each. I think the best option is then going to be a router/firewall between the 2 switches. I am looking for confirmation that I am on the right lines and a recommented product to use as a firewall. My experience of routers/firewalls has been between internal LAN and the internet rather than LAN-LAN. Most of the routers/firewalls I have looked at seem to be geared to internet use.