Windows OS
Hi Guys,
My company is looking to gain Cyber Essentials.
The issue I have is we run legacy programs that were written in VB3.0 that can only run on maximum 32-bit Windows 7 machines that access databases on our server, and these are obviously not compliant with Cyber Essentials. (These will one day be re-written in a modern language once I have actually finished and gained Cyber Essentials.)
We also have machinery scattered around the factory that runs Win2000 to XP that needs to access the main server for DNC files etc. (read only).
Recently I have upgraded all office-based PCs to Windows 11, and they are running a Windows XP environment inside VirtualBox to allow us to run legacy programs.
My initial thought was to use a pfSense (which I have available) and create a separate network and filter only the traffic needed to a switch (which I will call LEGACY SWITCH), and then plug all CNC machines etc. into this and then into the 2nd NIC on my server. But the issue I have here is it's still got to communicate with the main network (read only) somehow. My idea with the virtual machines is to use a USB-to-Ethernet adapter on every Windows 11 PC running the VirtualBox environment and connect that to the LEGACY SWITCH, but once again this will need to communicate with database (.mdb) files on the main network and be read/write.
Would love to chat with someone who has been in a similar position.
Thanks.
Instead of setting up a gateway, use routing instead. That or set up VLANs or use MPLS.
You haven't said whether or not everything is on the local physical network or needs to access via a WAN.
Could you please explain more how I could do this with VLANs?
Sorry, it is just the local physical network.
Every managed switch manufacturer has a different method of setting up a VLAN. You don't give up much information on your current network topology.
Guessing here.
Legacy Network
Main Network
You could use routers from each network to the other network. This will eliminate the need for a separate network adapter.
My company is looking to gain Cyber Essentials, but we run legacy programs written in VB3.0 that can only run on 32-bit Windows 7. How do we handle this?
Legacy systems that can't meet Cyber Essentials requirements must be isolated from the main network. Use VLANs or a dedicated subnet to separate them and control traffic tightly.
We also have machines running Windows 2000 and XP that need to access DNC files on a server (read-only).
Place these machines on the same isolated network. Use firewall rules to allow only specific read-only access to required services or shares.
Office PCs are now on Windows 11 and use VirtualBox to run XP for legacy apps.
Configure each XP VM to use a separate USB-to-Ethernet adapter connected to the isolated legacy network. Ensure the host (Windows 11) has no route or bridge to that adapter.
Can I use pfSense and a second NIC on the server to allow communication while staying compliant?
Yes. pfSense can manage segmentation. Use the second NIC on your server to connect to the legacy network and strictly allow only the necessary ports and directions (e.g., read/write to .mdb files).
Will this setup help us pass Cyber Essentials?
Yes, if you can prove the legacy environment is segmented, cannot access the internet, and communicates with the main network only through tightly controlled, documented channels.
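To make the "host has no route or bridge to that adapter" point concrete, here is an added example (not code from the thread or from any of its participants) run on a Windows 11 host: it dedicates the USB-to-Ethernet adapter to the XP VirtualBox VM, strips the host's own IP and file-sharing bindings from it, and then checks that the host holds no address or route on it. The adapter alias, the VM name and the VBoxManage path are assumptions.

```powershell
# Added example: dedicate a USB-to-Ethernet adapter to the legacy XP VM and
# verify the Windows 11 host itself has no foothold on the legacy network.
$adapterName = 'Ethernet 3'   # assumed alias of the USB-to-Ethernet adapter
$vmName      = 'LegacyXP'     # assumed VirtualBox VM name

$adapter = Get-NetAdapter -Name $adapterName -ErrorAction Stop

# Unbind IPv4, IPv6 and SMB client/server on the host side of this adapter.
# VirtualBox's own bridged-networking filter driver is left bound, which is
# all the VM needs to reach the LEGACY SWITCH.
foreach ($component in 'ms_tcpip', 'ms_tcpip6', 'ms_msclient', 'ms_server') {
    Disable-NetAdapterBinding -Name $adapterName -ComponentID $component -ErrorAction SilentlyContinue
}

# Bridge the VM's first NIC to that adapter. On Windows, VBoxManage identifies
# adapters by their InterfaceDescription (driver name), not by the alias.
$vboxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'   # assumed install path
& $vboxManage modifyvm $vmName --nic1 bridged --bridgeadapter1 $adapter.InterfaceDescription

# Verify: the host must have neither an IP address nor a route on this
# interface; otherwise the office PC itself is a path into the legacy segment.
$hostIPs    = Get-NetIPAddress -InterfaceAlias $adapterName -ErrorAction SilentlyContinue
$hostRoutes = Get-NetRoute     -InterfaceAlias $adapterName -ErrorAction SilentlyContinue

if ($hostIPs -or $hostRoutes) {
    Write-Warning "Host still has IP/route state on '$adapterName'; re-check the bindings above."
} else {
    Write-Output "OK: host has no IP address or route on '$adapterName'."
}

# Show what is still bound, so the result can be recorded as evidence.
Get-NetAdapterBinding -Name $adapterName | Where-Object Enabled |
    Select-Object ComponentID, DisplayName
```

Run it from an elevated PowerShell session; the remaining-bindings listing is the kind of artefact an assessor will ask for when you claim the legacy segment is isolated from the office network.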
Hi Shaun,
Thanks so much for the response.
I have a problem where one of the shares needs to be accessed from the main network also, just to drop and edit files inside. How could this be achieved safely?
So I will move old .mdb databases and folders that the legacy systems use all over to the 2nd NIC on the physical server and class this as a LEGACY SERVER.
How will this work with Active Directory? Can the LEGACY side still authenticate with this?
Thanks
You can allow shared access by hosting the files on the LEGACY SERVER with dual NICs, using pfSense to strictly control traffic between networks, applying NTFS permissions for access, and allowing legacy systems to authenticate with Active Directory if they're domain-joined and
