How to connect two network together

History
------------
Currently our company have two isolate network ,One is for finance department and another is for normal LAN.In the first place ,management decide to split the network to two different network due to security issue .But now management has decide to allow finance department to access DMZ resource and browser internet.Please advice how to connect this two network together.Thank you







Company Network
AnthonyTeahAsked:
Who is Participating?
 
dmitrij75Connect With a Mentor Commented:
If your organization have a departments that are placed in one building your task performs with ease. You just need still another power router with VLAN support. The other routers must be connected that router. Combine DMZ computers and finance department in VLAN0 segment on the side of the power router, so that the users outside that segment could not access PC's in the finance department. You may use the same subnet mask for finance department personal and the other users in this case. You might want to combine the users in other VLAN cell. (VLAN1, for example) on the side of you power router as well to prevent their computers from being viewed by financial department users if needed. Now you can connect your power router to the internet, another gateway or server with installed gateway Kerio WinRoute Firewall, WinGate, ...
As an additional solution you may not to buy the power router and make the same adjustments on the local routers of your finance department employees and the other users (primarily I mean VLANs). Then you should connect the local routers of your departments to the server with AD, that connected to the Internet. In this means the server with AD must have the quantity of network adapters equal the local routers of your departments. The network adapters of finance employees and DMZ computers should have the same subnet mask to be able to get connected. If the finance department should be isolated from the other users, you must assign the different subnet for their network cards. DMZ computers should have an additional card for the other users as well in this case.
Please note if you would like the finance employees are browse the Internet faster while getting the other files or stuff from DMZ computers, you should consider to buy an additional network card for them to assure them reliable surf the Internet and getting the files from DMZ. Of course you will need to install an additional card on the DMZ computers as well. It's obviously that you will need to set different subnet mask on the cards. If you wish the other users have the same possibility never assign the subnet mask for their second network adapter the same as for finance employees for security reasons. It's better to install yet another card to DMZ computers or servers.
If you will have a plans to grant the same resources for all the computers of your network then delete VLAN. Both finance employees and other users will see their shared resources
0
 
surbabu140977Commented:
Since finance is involved, you should be consulting a networking/security firm before plugging in to internet.From your question it's evident that you may not be aware of all the networking aspects. It will carry a great deal of risk(for your finance dept and business) if you try to do it yourself without any professional audit/consultation.

Depending on the sensitivity of finance division you will need a thorough checking of the Desktops, patching of OS and softwares, implement extra security at the firewall, enable strict user control(windows domain) etc.

The last thing you need will be someone seeing your business finance data sitting in his basement garage (and probably trying to sell it). :)

Best,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.