Two routers for two separate areas?

jaykorai

Dec 8, 2017
I was wondering if I could use 2 routers (firewalls) for two different areas of protection. One area that has access to the internet, which will be my Web and Mail servers. And the second area will be where my workstation, WAP, and internal will be. Or will it be overly protected, and can I simply use 1 router with 2 firewalls?
 
Yes. But it depends on the firewalls.

You can even pull it off with cheapo consumer grade firewalls. But it is not the recommended way.

The recommended way would be to create two separate subnets via firewall ports. That is something you can't do with cheap consumer grade routers/firewalls.

What type of firewalls do you have?
 

jaykorai

Dec 8, 2017
I was asking because I am working on the final project of my networking class and it asked me to create a SOHO Network Design. I was already given the form of the equipment, like 18 workstations (4 for executives and 14 for open cubicle workstations) with 2 network printers and 2 servers (one Web and the other Email). The servers will be internet accessible while the workstations will be their own internal area. I set it up to where I have 2 routers, one that has access to the internet and the second one where the WAP and workstations will be held.

I was just wondering if I can pull it off by using two routers and 2 switches (for the private offices and open cubicle area).
 
Does the project require two routers to be used as the provided equipment? Is everything located in one building or separate buildings via WAN?

If they are in one building with one WAN.

Example:

eth01 on firewall is WAN
eth02 on firewall is LAN 192.168.1.x
eth03 on firewall is LAN 10.10.10.x

This can be done either with a DMZ or by just making a separate LAN subnet.
 
Then no real reason to use more than one firewall\router. You normally only do that when routing traffic between WAN sites.

Use one firewall in the config I mentioned above. Put internal equipment etc... on one subnet and server on another.
 
Here is just an idea. There are a few ways of doing it.

I did it this way to give you a better idea of how subnetting works. However, if I was doing it personally, I'd only have one switch and do VLANing, but that gets more messy to explain to someone that doesn't do VLANing often.

Depending on your project's requirements, subnets would be completely isolated. If users needed to access the other subnet to get to the web server etc... they would have to go out from the WAN and back in to access it. Just like everyone else offsite.

If you are doing it via VLANing or firewall policies, you could allow exceptions through the firewall to allow internal devices to speak to the external ones over the LAN directly. But I suspect this would go against your project, as the point of this is to keep the two separate (security reasons).

[Attached image: 28tdoab.png]
 
Solution
That is not a function of a router. When you have multiple devices on the network, you want to be using a switch.

In theory you could connect the devices to the router directly. But that is not industry standard and the routers\firewalls normally only have like 6 ports...

Looks pretty good overall but I would put a switch on the right side for the web server and mail server. You need to think with the future in mind. What happens if they want to add more servers to that side? They won't be able to because there are not enough ports. Aka a switch is needed.

Might be going a little overboard but I'm a network engineer. It's just how I function lol

Also I don't know how far into it your project has to go. But as I did on mine, I would indicate the IPs so your professor knows it's two different subnets. (aka 10.10.10.x and 10.10.20.x or whatever subnets you want to use)
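
A small policy model of the single-firewall layout discussed in the thread (WAN on eth01, internal LAN on 192.168.1.x, servers on 10.10.10.x), added here as an example and not posted by any participant. The /24 masks, host addresses, port choices and rule format are assumptions; it shows default-deny isolation between the two subnets and what the optional LAN-to-server exceptions change.

```python
import ipaddress

# Subnets from the thread's single-firewall layout; the /24 masks are assumed.
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),  # eth02: workstations, WAP, printers
    "DMZ": ipaddress.ip_network("10.10.10.0/24"),   # eth03: web and mail servers
}
WEB, MAIL = "10.10.10.10", "10.10.10.20"  # constructed server addresses

def zone_of(ip):
    """Return the zone an address belongs to; anything else is WAN (eth01)."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "WAN")

# Rules for NEW connections: (src zone, dst zone, dst IP or None, TCP ports).
# Replies are assumed to be handled by stateful connection tracking.
BASE_RULES = [
    ("WAN", "DMZ", WEB, {80, 443}),   # public web site
    ("WAN", "DMZ", MAIL, {25}),       # inbound SMTP
    ("LAN", "WAN", None, {80, 443}),  # workstations browse out
    ("DMZ", "WAN", None, {25}),       # outbound mail delivery
]
# Optional exceptions letting internal devices reach the servers directly.
LAN_EXCEPTIONS = [
    ("LAN", "DMZ", WEB, {80, 443}),
    ("LAN", "DMZ", MAIL, {587, 993}),  # mail submission and IMAPS
]

def allowed(rules, src, dst, port):
    """First-match evaluation with default deny between zones."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return True  # same subnet: switched locally, never crosses the firewall
    for r_src, r_dst, r_ip, r_ports in rules:
        if (r_src, r_dst) == (sz, dz) and r_ip in (None, dst) and port in r_ports:
            return True
    return False

def dmz_to_lan_rules(rules):
    """Audit helper: list any rule that would let a server open a connection to the LAN."""
    return [r for r in rules if r[0] == "DMZ" and r[1] == "LAN"]

if __name__ == "__main__":
    pc, outside = "192.168.1.25", "203.0.113.7"  # constructed hosts
    for name, rules in (("isolated", BASE_RULES), ("with exceptions", BASE_RULES + LAN_EXCEPTIONS)):
        print(name, "| internet->web:", allowed(rules, outside, WEB, 443),
              "| pc->web:", allowed(rules, pc, WEB, 443),
              "| web->pc:", allowed(rules, WEB, pc, 445),
              "| DMZ->LAN rules:", dmz_to_lan_rules(rules))
```

In both rule sets the servers cannot open connections into the workstation subnet, which is the property that keeps a compromised internet-facing host away from the internal machines.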