Comments
-
@netikras Yeah, exactly. Feels kinda dumb to be sitting 35 employees behind nothing but our ISP's non-existent security. So a hardware firewall, yeah. Thing is, I've Googled everything I could think of, but I've barely gotten anywhere. Would it be a smart bet to use something like the Ubiquiti USG-PRO-4? We're running Ubiquiti access points. (Guess that wouldn't make any difference though.)
-
@filthyranter Hardware firewall. Though I've got no idea what to look for or how to do any form of configuration.
-
Start off denying anything incoming and go from there.
Allow anything outgoing and whittle it down. (I.e., does the sales network need ssh?)
-
@steaksauce Bear in mind, I've never done this before 😅 Would it be easy to section off the office? Like denying certain rooms access to certain ports?
-
@ScriptCoded VLANs.
Using the department example:
Marketing gets vlan 10
Sales gets vlan 11
HR gets vlan 12
All ports in HR office are on VLAN 12,
All in sales room are VLAN 11, etc..
Then it's as simple as blocking traffic from one of those vlans to the other.
-
@steaksauce Hmm, seems like a good solution. This wouldn't allow for any good solution for WiFi though, right? And I'm sorry for all the questions. It's all a bit confusing for me
-
@ScriptCoded No problem. At home I use an older server running OPNsense firewall. For wireless, I use my wifi router without routing.
Ubiquiti makes some good APs that you can use in an office setting.
I used to do new office networking at my last job :p
Internet -> Firewall -> layer 3 switch (enough for all of office plus expansion) -> APs.
Don't forget PoE if you rely on that to power the APs.
-
@electrineer You can get APs that broadcast multiple SSIDs and each SSID can be in a different VLAN.
Simplest example is guest wifi.
-
@steaksauce All we've got right now is a Netgear wifi router, a 24 port switch and two UniFi APs with PoE. Could it cause problems that the Netgear router is broadcasting as well as the APs? Or should we perhaps just scrap the router and use a layer 3 switch instead?
-
Keep the router and disable the wireless on it. Or at a minimum change the wireless to something no one will use.
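
The advice in this thread (deny everything incoming, allow outgoing and whittle it down, one VLAN per department, guest Wi-Fi on its own SSID and VLAN) written out as a filtering policy. This is an added example, not something posted by anyone in the thread: the choice of nftables on a Linux gateway, the interface names and the guest VLAN ID 20 are assumptions, and NAT is left out.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed interfaces (not from the thread):
#   wan0      uplink to the ISP
#   lan0.10   Marketing (VLAN 10)
#   lan0.11   Sales     (VLAN 11)
#   lan0.12   HR        (VLAN 12)
#   lan0.20   guest Wi-Fi SSID mapped to its own VLAN (ID 20 is made up)
flush ruleset

define WAN   = "wan0"
define STAFF = { "lan0.10", "lan0.11", "lan0.12" }
define SALES = "lan0.11"
define GUEST = "lan0.20"

table inet office {
    # Traffic addressed to the firewall itself.
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Inside networks may use the firewall for DNS and DHCP only.
        iifname $STAFF udp dport { 53, 67 } accept
        iifname $STAFF tcp dport 53 accept
        iifname $GUEST udp dport { 53, 67 } accept
        # No rule for wan0: everything incoming falls through to "policy drop".
    }

    # Traffic routed between networks.
    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies to connections that were allowed out are let back in.
        ct state established,related accept
        ct state invalid drop
        # Whittling down: the sales VLAN gets no outbound SSH.
        iifname $SALES oifname $WAN tcp dport 22 reject with tcp reset
        # Everything else from the staff VLANs may go out to the internet.
        iifname $STAFF oifname $WAN accept
        # Guests get web and nothing else.
        iifname $GUEST oifname $WAN tcp dport { 80, 443 } accept
        iifname $GUEST oifname $WAN udp dport 443 accept
        # There is deliberately no VLAN-to-VLAN rule, so Marketing, Sales,
        # HR and guests cannot reach each other. Log what gets dropped.
        limit rate 10/minute log prefix "fwd-drop "
    }
}
```

Rule order matters: the SSH reject for the sales VLAN has to sit above the general staff accept, because the first matching verdict wins.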
Related Rants
Anyone have any experience with setting up firewalls? Seems like I'll have to do that at the new office, but man, I ain't got no clue.
question
firewall