6

Anyone have any experience with setting up firewalls? Seems like I'll have to do that at the new office, but man, I ain't got no clue.

Comments
  • 1
    What kind of firewall? If it's iptables, it's simple/easily googleable.
  • 3
    *googleable: replace with any verb that means "findable with <search engine>"
  • 2
    Googleable is the best firewall app you can ever use in your life
  • 1
    *at the new office* suggests infrastructure firewalls?
  • 1
    @netikras Yeah, exactly. Feels kinda dumb to be sitting 35 employees behind nothing but our ISP's non-existing security. So a hardware firewall, yeah. Thing is, I've Googled everything I could think of, but I've barely gotten anywhere. Would it be a smart bet to use something like the Ubiquiti USG-PRO-4? We're running Ubiquiti access points. (guess that wouldn't make any difference though)
  • 1
    @filthyranter Hardware firewall. Though I've got no idea what to look for or how to do any form of configuration.
  • 1
    Ubiquiti is pretty easy to work with, and has a lot of advanced features as well
  • 1
    Just stack up some bricks and you're golden
  • 1
    Start off denying anything incoming and go from there.

    Allow anything outgoing and whittle it down. (i.e., does the sales network need ssh?)
  • 1
    @steaksauce Bear in mind, I've never done this before 😅 Would it be easy to section off the office? Like denying certain rooms access to certain ports?
  • 2
    @ScriptCoded VLANs.

    Using the department example:

    Marketing gets vlan 10
    Sales gets vlan 11
    HR gets vlan 12

    All ports in HR office are on VLAN 12,
    All in sales room are VLAN 11, etc..

    Then it's as simple as blocking traffic from one of those vlans to the other
  • 0
    @steaksauce Hmm, seems like a good solution. This wouldn't allow for any good solution for WiFi though, right? And I'm sorry for all the questions. It's all a bit confusing for me
  • 1
    @ScriptCoded no problem. At home I use an older server running opnsense firewall. For wireless, I use my wifi router without routing.

    Ubiquiti makes some good APs that you can use in an office setting.

    I used to do new office networking at my last job :p

    Internet -> Firewall -> layer 3 switch (enough for all of office plus expansion) -> APs.

    Don't forget PoE if you rely on that to power the APs.
  • 0
    @steaksauce so all APs are in a VLAN of their own?
  • 2
    @electrineer you can get APs that broadcast multiple SSIDs and each SSID can be in a different VLAN.

    Simplest example is guest wifi.
  • 0
    @steaksauce All we've got right now is a Netgear wifi router, a 24 port switch and two UniFi APs with PoE. Could it cause problems that the Netgear router is broadcasting as well as the APs? Or should we perhaps just scrap the router and use a layer 3 switch instead?
  • 1
    Keep the router and disable the wireless on it. Or at a minimum change the wireless to something no one will use
  • 0
    @steaksauce Will do, thanks :)
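
The advice in the comments above (deny incoming, allow outgoing and trim it, one VLAN per department with no traffic between them) written out as an iptables ruleset. This is an added example, not something posted in the thread. The interface names and the assumption that the firewall itself serves DHCP and DNS are made up for illustration.

```iptables
# Constructed example in iptables-restore format.
# Assumed interfaces (not from the thread): eth0 = internet uplink,
# eth1.10 / eth1.11 / eth1.12 = VLAN 10 (Marketing), 11 (Sales), 12 (HR).
*filter
# Default policies: drop anything incoming or routed unless a rule allows it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Traffic addressed to the firewall itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Assumption: the firewall hands out DHCP and DNS, on internal VLANs only.
-A INPUT -i eth1.+ -p udp -m multiport --dports 53,67 -j ACCEPT
-A INPUT -i eth1.+ -p tcp --dport 53 -j ACCEPT

# Routed traffic: replies to connections that were already allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Trimming outgoing traffic: the Sales VLAN gets no outbound SSH.
-A FORWARD -i eth1.11 -o eth0 -p tcp --dport 22 -j REJECT
# Each VLAN may open connections to the internet, nothing else.
-A FORWARD -i eth1.10 -o eth0 -j ACCEPT
-A FORWARD -i eth1.11 -o eth0 -j ACCEPT
-A FORWARD -i eth1.12 -o eth0 -j ACCEPT
# No rule forwards between eth1.10, eth1.11 and eth1.12, so VLAN-to-VLAN
# traffic and new connections arriving on eth0 hit the DROP policy.
# Rate-limited log of what gets dropped, to spot traffic that needs a rule.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward-drop: "
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source NAT for office clients leaving through the uplink.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
```

A guest wifi SSID mapped to its own VLAN, as described in the thread, would get one more `-A FORWARD -i <its interface> -o eth0 -j ACCEPT` line and nothing else.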