

Separating certain servers from primary LAN using firewall

Posted on 2009-12-18
Medium Priority
Last Modified: 2013-11-16
I need to separate several of my servers from the primary LAN to be able to maintain certain restrictions on these servers without applying the same restrictions on every LAN computer. (This is an attempt to suffice a PCI requirement.) What all will I need to allow on the firewall in order for these few servers to still access Active Directory, Exchange 2003, Internet, other subnetted networks at remote branches, Symantec BackupExec? Also, what will need to be allowed to get to these servers to allow SQL, and Terminal Servers to access programs?
Question by:Wigging
LVL 29

Expert Comment

ID: 26083250
You do it with a LAN Router,...not a firewall.
Configure ACLs on the LAN Router to control access.

LVL 29

Accepted Solution

pwindell earned 1000 total points
ID: 26083337
Keep in mind that not all PCI auditing companies are created equal.  Some aren't worth a crap.  The "rules" that you have to comply with are not always as clearly defined as they should be and have room for "interpretation",...or worse yet,..."mis-interpretation".

A machine or device cannot be declared "secure" because someone slaps a firewall in front of it.  By the same token a machine or a device cannot [honestly] be declared "insecure" because there is no firewall in front of it.  A machine or a device can be perfectly secure with no firewall in front of it and can be secure even if no LAN Router with ACLs is in front of it,...it can be perfectly secure because someone has properly designed and secured the Application that runs on the machine and because they have properly hardened the OS of the machine or device.

Security does not "begin and end" at Layer3 & 4.

Question has a verified solution.
