erkwong

asked on

Network Design

I would like to add an off-the-shelf Netgear wireless router to my existing network.
The hitch is this - this is for customers, and I don't want them to be able to access our server.

Right now, I have a DSL modem connected to a ZyXel ZyWall 2 Plus Internet Security Appliance doing DHCP, connected to a switch, which connects out to the computers on the internal network. The final wrinkle in all of this is that I will be bringing a Windows server onto the network soon w/ one NIC - it will take over the DHCP and the DHCP on the ZyXel will be disabled.

Which of the following should I do?  (or neither?)
DSL modem
    |
switch(a)
    |    
wireless router doing DHCP for the external wireless users
AND switch(a) to a
ZyXel ZyWall 2 doing DHCP for the internal users,
                      \
connected to a switch(b), which connects out to the computers on the internal network.

_______________

OR:

DSL modem
    |    
ZyXel ZyWall 2 doing DHCP for the internal users,
    |
wireless router NOT doing DHCP for the external wireless users
AND
connected Zyxel to a switch(b), which connects out to the computers on the internal network.
SOLUTION
Quori
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
Oops, one more thing. The ZyXel would be on a separate internal network. So, for example, you would address the internal network of the wireless router with 192.168.0.1 with all of the users using addresses of 192.168.0.x, the ZyXel would be 192.168.1.1 with all of the internal users being 192.168.1.x.
SOLUTION
ASKER CERTIFIED SOLUTION
Darr247
> First, you may need more than 1 IP to put a switch right after the modem.

kdearing's post takes care of that.  I guess I should have hit Refresh before I posted. :-)
Darr247, I checked the user guide and I am not too comfortable with the method suggested by kdearing's post. This places the wireless (public) network inside the private network. The only thing I see that can be limited is NETBIOS traffic. So this may be a bad idea.
Placing the switch between the modem and the 2 devices may be an issue depending on what addresses you have available. That said, if the switch were a managed switch with the ability to create subnets, you may increase the security level. This is a more expensive approach, however.
Placing the ZyWall after the public router is actually the proper way to deal with this situation because it keeps the public network away from the private network. Remember the ZyWall is a firewall.
jgmontgo-
There is a note at the bottom of the screen, "you also need to create a firewall rule".
You can easily create the rule to disallow access to the internal network.

If that method isn't satisfactory, then put the port in the 'DMZ Zone'.
Chapter 9, same manual.
kdearing, that is true, and in fact it looks like the wireless configuration is pretty similar to that of the DMZ Zone. Sorry I didn't notice that when I first looked.
So yea, as long as you take the precautions mentioned by kdearing in creating an access rule, you are safe with that method.
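The access rule discussed above only isolates the guests if it is matched before any broader allow rule. The following is an added example, not code from this thread and not ZyWALL configuration syntax: a generic first-match rule model that audits a rule list using the 192.168.0.x guest and 192.168.1.x internal addressing mentioned earlier. The rule list and the function names `decide` and `audit` are hypothetical.

```python
import ipaddress

# Addressing taken from the thread; the rule list itself is constructed sample data.
GUEST = ipaddress.ip_network("192.168.0.0/24")     # wireless customers
INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # staff PCs and the server
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical first-match rule list: (action, source, destination).
RULES = [
    ("deny", GUEST, INTERNAL),   # the rule the thread says must be created
    ("allow", GUEST, ANY),       # guests may still reach the Internet
    ("allow", INTERNAL, ANY),
]

def decide(rules, src, dst, default="deny"):
    """Return the action of the first rule that matches src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return default

def audit(rules, guest=GUEST, internal=INTERNAL, default="deny"):
    """List rule-set problems that would let guests reach the internal network."""
    problems = []
    if guest.overlaps(internal):
        problems.append("guest and internal subnets overlap")
    for n, (action, src, dst) in enumerate(rules, 1):
        if not (src.overlaps(guest) and dst.overlaps(internal)):
            continue  # rule cannot match guest -> internal traffic
        if action == "allow":
            problems.append(f"rule {n} allows guest -> internal traffic")
        elif guest.subnet_of(src) and internal.subnet_of(dst):
            return problems  # everything guest -> internal is denied from here on
    if default != "deny":
        problems.append("default action allows guest -> internal traffic")
    return problems

if __name__ == "__main__":
    print(audit(RULES))                                  # deny rule first
    print(audit(RULES[1:]))                              # deny rule missing
    print(audit([RULES[1], RULES[0], RULES[2]]))         # deny shadowed by allow
```
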
erkwong

ASKER

Thanks all - That answers almost all of my questions.
I'll refer back to this when I am actually installing, along w/ the instruction manual.