Question
Sunday, November 19, 2017 2:10 AM
I have the following configuration: On an intelligent switch (HP ProCurve) I have two (virtual) subnets:
subnet0 (192.168.0.0/VLAN1)
subnet1 (192.168.1.0/VLAN2)
Both subnets access (different) Windows servers running under VMware ESXi on the same machine, with two virtual networks and two physical NICs, corresponding to subnet0 and subnet1.
The subnets are separated on the switch by vlan tagging (VLAN1 and VLAN2).
Subnet1 is connected via a router to the internet. Subnet0 is a "closed" subnet without access to the internet. The idea is to have this subnet totally isolated from any internet access, being our stable production environment in which Windows 7 and even some XP machines are used. Our printers and plotters are also connected to this production environment (subnet0).
The questions:
- How can I configure my system to allow computers on subnet1 to access the printers on subnet0 without having the risk of malware reaching subnet0?
- How can I exchange data safely between the two subnets using a (transfer) directory accessible from both networks?
Thanks
All replies (5)
Tuesday, November 21, 2017 9:09 AM ✅Answered
Hi,
>>What do you think of an alternative solution with a VM Virtual router (M0n0wall or Sophos) which would resolve the routing and filtering between 0.x and 1.x?
Since we are not familiar with M0n0wall or Sophos, if you mean configuring a software router, I would prefer it.
A software router makes it easy to manage network traffic.
RRAS is a software router and an open platform for routing and networking. Its routing services can be used by organizations in local area network (LAN) and wide area network (WAN) environments or over the Internet by using secure VPN connections. Routing is used for multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT) routing services.
For more information about RRAS, please refer to the following article:
https://technet.microsoft.com/en-us/library/dd469714%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396
Best Regards,
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, November 20, 2017 6:21 AM
Hi,
Based on my understanding, you'd like to share printers and directories across subnets.
I'm not sure whether the HP ProCurve is a layer 3 switch which provides a routing function.
If not, I suggest you add a virtual NIC (192.168.1.X) in the server on VLAN1.
Then you could configure the server as a file server or print server.
In addition, you could configure firewall rules to restrict ports which are not used for your server.
Best Regards,
Frank
Monday, November 20, 2017 8:36 PM
Hi
Your understanding is correct - I want to share data and printers across subnets.
No, the HP ProCurve does not provide routing. The setup I am trying now is to use a separate VM machine with a Windows 2003 server and connect it to both subnets (.1.x and .0.x) and reduce it (deactivating unneeded services) to file sharing as well as closing the firewall towards both subnets as much as possible. I am still somewhat concerned about malware reaching the .0.x subnet. For example Conficker and company, which use the file sharing path (ip445). Also the whole thing would probably make no sense without checking the file contents for malware, as this would be transported into the production system. So an active virus scan of the data would be required. Of course this could be done without the extra VM server, as you suggested, but I have a machine readily available and resources are not a problem. It would give me better control of the gateway between the two systems and give me more freedom in reducing the in and out firewall rules without disrupting the production server on 0.1.
What do you think of an alternative solution with a VM Virtual router (M0n0wall or Sophos) which would resolve the routing and filtering between 0.x and 1.x?
Best regards
Reto
Wednesday, November 22, 2017 8:07 AM
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Frank
Wednesday, November 22, 2017 5:55 PM
Hi Mark
Thanks for pointing to RRAS, I will give it a try.
Reto