I currently administer a small business network, which has the following network configuration:
|--> ADSL2 Modem/Router (Dynamic ISP IP/192.168.1.254) - WAN/LAN
|---->192.168.1.x Network. Devices - Web/File Servers(1), Printers(1), Guest Workstation(1), via a POE Switch (with 5 IP Cameras)
|---->Netgear FVS318 Firewall/Router (192.168.1.1 / 192.168.2.254) - WAN/LAN
|------>192.168.2.x Network. Devices - File Server(1), Hub(1), and Office Workstations(12). 5 Workstations are connected via the hub.
* Subnet Masks in all cases are 255.255.255.0, and there is a static route defined on ADSL2 Modem/Router - Network/Mask 192.168.2.0/24, Gateway 192.168.1.1
We are experiencing an issue whereby copying files from any workstation on the 192.168.2.x network to the file server on 192.168.1.x is extremely slow, sometimes 100Kbps (or less!). File copying has been done using Samba AND SFTP/SCP, and the performances are the same regardless of method/application. Copying files while on the same network is instantaneous, but between networks is unbearably slow! Internet browsing and email has no obvious complaints - the connection to the ISP is not the fastest, and therefore the expectation is set accordingly. However, moving files around our own network should be a relatively quick exercise - all machines are newish, and cabling is Cat 5e or 6.
Given the above, I am suggesting that the Netgear FVS318 might be the bottleneck. The reason for the two networks is for security, and using physical devices (and different IP networks) to separate the two has been the underlying motivation. Firewall rules allow a handful of ports open on the 192.168.1.x network, and nothing on the 192.168.2.x network.
I am considering purchasing a switch, and have read that one with VLAN capabilities might be the go, as I am led to believe that VLANs ensure network separation, and therefore (hopefully) security is maintained.
I guess my question is, if I did purchase a switch - What should it be, and why? And how would the network configuration look in doing so? Could it be that I could simply have the ADSL2 Modem/Router and Network Switch (with all devices connected to the new Switch, but separated by way of VLAN config). And how should I construct my network address assignment (ie. maintain 2 network address ranges? More/less?). Any recommendations?
Thanks in advance.
|--> ADSL2 Modem/Router (Dynamic ISP IP/192.168.1.254) - WAN/LAN
|---->192.168.1.x Network. Devices - Web/File Servers(1), Printers(1), Guest Workstation(1), via a POE Switch (with 5 IP Cameras)
|---->Netgear FVS318 Firewall/Router (192.168.1.1 / 192.168.2.254) - WAN/LAN
|------>192.168.2.x Network. Devices - File Server(1), Hub(1), and Office Workstations(12). 5 Workstations are connected via the hub.
* Subnet Masks in all cases are 255.255.255.0, and there is a static route defined on ADSL2 Modem/Router - Network/Mask 192.168.2.0/24, Gateway 192.168.1.1
We are experiencing an issue whereby copying files from any workstation on the 192.168.2.x network to the file server on 192.168.1.x is extremely slow, sometimes 100Kbps (or less!). File copying has been done using Samba AND SFTP/SCP, and the performances are the same regardless of method/application. Copying files while on the same network is instantaneous, but between networks is unbearably slow! Internet browsing and email has no obvious complaints - the connection to the ISP is not the fastest, and therefore the expectation is set accordingly. However, moving files around our own network should be a relatively quick exercise - all machines are newish, and cabling is Cat 5e or 6.
Given the above, I am suggesting that the Netgear FVS318 might be the bottleneck. The reason for the two networks is for security, and using physical devices (and different IP networks) to separate the two has been the underlying motivation. Firewall rules allow a handful of ports open on the 192.168.1.x network, and nothing on the 192.168.2.x network.
I am considering purchasing a switch, and have read that one with VLAN capabilities might be the go, as I am led to believe that VLANs ensure network separation, and therefore (hopefully) security is maintained.
I guess my question is, if I did purchase a switch - What should it be, and why? And how would the network configuration look in doing so? Could it be that I could simply have the ADSL2 Modem/Router and Network Switch (with all devices connected to the new Switch, but separated by way of VLAN config). And how should I construct my network address assignment (ie. maintain 2 network address ranges? More/less?). Any recommendations?
Thanks in advance.
Facebook
Twitter
Instagram