Security to seperate same subnet

There are 2 regional networks in different places. They are in same subnet and link up by switch and router.

Is it possible to put some firewall between them to make them secure seperately.


Who is Participating?

If you can dedicate a box to JUST this task, then something like a Zyxel Zywal 5 in "transparent" mode.

If you can separate the two "zones" onto separate switches, and then link each switch to a separate port on the firewall, then any Sonicwall from TZ190 upwards, with Enhanced OS, you can configure "zones" (e.g. "sales" "accounts" "warehouse", etc) and interfaces (e.g. Lan-Port 1, Lan-Port 2) and set up rules between them, even though they share a common IP space. *provided* you make sure the traffic between the two zones HAS to pass THROUGH the firewall to get from one to the other, you're in control.

well you can use access lists to segregate the traffic. depending on what hardware you are using they may have built-in firewalls.

For instance, Cisco boxes that use advanced enterprise IOS services have powerful firewall tools built-in, so it may be possible to firewall traffic from the router itself from different areas.

Best bet, if you do not want to create a different subnet to segregate the traffic is to use access lists to fine-tune what can access what.

If you need assistance with this, please just let me know.

Please provide following information.

1. What is the current status of your network ?
2. Are both network connecting to two interfaces of the SAME router ?
3. Are both subnets using same IP addressing? If possible, please provide the addressing info.
It is always possible to add firewall in between. Depanding on your requirement, firewall can work in Layer2 or Layer3 mode.

Hope that helps.
Warm Regards,
Nayan Panchal
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.