Firewall-Harware to Bypass-Bridge

so a client i know is adding a vending machine to their lunch room that requires connection to the network for payment options. Is there a piece of hardware that can be purchased to attach to "atm" that will bypass the firewall security of their Network. apparently it is being blocked by their firewall....any suggestions....you would think that said vending mach. vendors would have this info....thx
gstevederbyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bbaoIT ConsultantCommented:
basically, you just want to connect this ATM directly to the internet, by bypassing the client's existing firewall?
0
gstevederbyAuthor Commented:
yes
0
_Commented:
Did you try putting it's address in the DMZ?
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

bbaoIT ConsultantCommented:
if the client's firewall does provide a DMZ zone, Coral47's suggestion is the way to go.

if not, enable port forwarding on the firewall to allow required ports to be remapped to the ATM on an internal IP.

actually, if the client's ISP could offer one more public IP address, the most simple way is to put small switch before the firewall and connect the ATM to the switch to make sure the ATM is physically sepaeated from the client's network.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
_Commented:
>> ...if the client's ISP could offer one more public IP address...

Good idea. Definitely the way to go, if possible.
0
btanExec ConsultantCommented:
also to note that likely the PCI DSS compliance may need to be considered such as end to end encryption to ensure the confidentiality of the credit info in transit and data at rest/data in use in the vendor mach, if applicable. so besides bypassing the FW, this has to be taken into consideration. there may be a vpn tunnel end to end and terminate at the FW (assuming that is the perimeter for all payment services including that "atm")
0
bbaoIT ConsultantCommented:
> likely the PCI DSS compliance may need to be considered
> besides bypassing the FW, this has to be taken into consideration.
> a vpn tunnel end to end and terminate at the FW.

yes PCI DSS and all related security standards should be followed but i would say those are all the ATM vendor's responsibility, not the party that just provides the space.

is your client the owner of this ATM? if yes, you really need to consider breadtan's suggestions.
0
btanExec ConsultantCommented:
indeed as bbao shared. Also if vendor machine has those credit card details of the end user stored on that machine  (which i supposed not by default and not recommended) then this has to be factor to ensure confidentiality as well. This is not necessary the ATM onus since they do not own those machine and just serving as 3rd party payment services. The project team need to have oversight of the whole ecosystem in the various system and their interfaces.

Even the PCI DSS may implicate your overall design and by having not those sensitive data and offloading those to payment service to address it will scope down your service security requirement. We should apprise the stakeholder collectively to make a complete assessment of the designed security service offering. Just another few cents worth...keep the design simple and complexity is enemy to security
0
gstevederbyAuthor Commented:
all very good ideas, i will run them past the powers to be for decision...thank you all
0
btanExec ConsultantCommented:
glad to help but suggest if answers help have assisted it is good to point out so that others can benefit when they chanced on this solved question. Helped to make informed decision on the larger user base :) Nonetheless, thanks!
0
gstevederbyAuthor Commented:
The problem is as a consultant I can only recommend what the client should do , ultimately it is up to the company if they want to invest in purchase of another isp line or add hub. What I am recommending is port forwarding and bringing up the security issues involved with each choice. While I understand the need for a definitive answer for the larger audience I feel that ALL the suggestions will work...but end of the day it is up to the client if they are to spend more money to get there.
 So on this  question that is the best i can say Unfortunately. Prob. should have split the points awarded in this answer...and as you mentioned, keep it simple..thanks again
0
btanExec ConsultantCommented:
Noted and well received. if you will like to split the answer I believe the moderator can re-open for your kind allocation :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.