<div>
You do it with a LAN Router,...not a firewall.<br />
Configure ACLs on the LAN Router to control access.<br />
<br />

</div>


You do it with a LAN Router,...not a firewall.
Configure ACLs on the LAN Router to control access.



<div>
<div class="content wysiwyg-content">
I need to separate several of my servers from the primary LAN to be able to maintain certain restrictions on these servers without applying the same restrictions on every LAN computer. &nbsp;(this is an attempt to suffice a PCI requirement) &nbsp;What all will I need to allow on the firewall in order for these few servers to still access Active Directory, Exchange 2003, Internet, other subnetted networks at remote branches, Symantec BackupExec. &nbsp;Also, what will need to be allowed to get to these servers to allow SQL, and Terminal Servers to access programs?
</div>
</div>


I need to separate several of my servers from the primary LAN to be able to maintain certain restrictions on these servers without applying the same restrictions on every LAN computer.  (this is an attempt to suffice a PCI requirement)  What all will I need to allow on the firewall in order for these few servers to still access Active Directory, Exchange 2003, Internet, other subnetted networks at remote branches, Symantec BackupExec.  Also, what will need to be allowed to get to these servers to allow SQL, and Terminal Servers to access programs?

Separating certain servers from primary LAN using firewall

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Software Firewalls

The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks and an extension of the Bootstrap Protocol. DHCP allows for computers to be configured automatically to communicate with each other over an IP network without the need for manual setup by a network administrator. The implementation of DHCP relies on a DHCP server to hand out network configuration information to DHCP-capable clients that request an IP address (and other information required or useful in communicating with other devices on an IP network). In addition to an IP address, common configuration information served over DHCP includes a default gateway, subnet mask and DNS sever(s).

DHCP

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.