Limit access to network for a specific IP address?

[glgcag]

I have created a two computer workgroup using a Linksys router and I need to give it access to my Internet connection which resides on a large network. I connected the wan port on the Linksys to the HP Procurve switch on my large network and set the WAN connection of the Linksys to point to the IP address of my Sonicwall. (They are on different IP ranges.) The small network now has Internet access.

How do I prevent the users on the small network from accessing resources on my main network? (Use the Procurve managed switch? Routing commands? Sonicwall policies?)

Any help is appreciated!

glgcag

 

[pansophic]

You would be better off if you connected the Linksys router to the DMZ interface of your Sonicwall. That would provide you ultimate control of that network.

If you created a secondary network address on the Sonicwall's internal interface and put the Linksys router on that same subnet, you could define a static route to your internal network that goes through an IP address on that new subnet that doesn't exist. All packets between the two network will be dropped.


pansophic

 

[glgcag]

I thought about the DMZ option, but I'm using all four ports on the Sonicwall. (One for lan, two for wan (dsl & cable for failover) and the last one for routing to our IP phone system.)

My internal interface (X0 lan interface on the Sonicwall) has no place in config for a secondary network address. How would I implement this?

Thanks for the reply!

 

[pansophic]

If it wasn't an appliance, you would just add the secondary address to the interface using ifconfig.

I believe that this technote will solve the problem for you.

http://www.sonicwall.com/support/pd...le_firewalled_subnets_on_sonicos_enhanced.pdf

pansophic