  • Netraider
    replied
    Glad it's all working now. The Juniper is a serious bit of kit.....

  • Archangel
    replied
    Finally got this working using the "home-Work" setting; had to change the ADSL interface to "route" and the wireless "home" interface to "nat".

    cheers

  • Archangel
    replied
    Thanks for the reply.

    I've tried the "home-work" port setup; nothing worked after that! There must be more to it. I reverted to the "trust-untrust" setting.

  • Netraider
    replied
    Hi Archangel,

    Try this link or this link. It shows how to set up your ports etc so there is segregation (Home - Work mode).

    That will give you the configuration you are after.

    Just thinking, there might have to be some routing information put in. Hopefully one of the more clued up Juniper chaps or chapesses can help
    Last edited by Netraider; 22 May 2012, 07:22. Reason: Thought of something else.

  • Archangel
    replied
    Originally posted by Vanilla:
    Nice one, should be fairly straightforward but if you need any help (and the latest ScreenOS) give me a shout. JNCIA blah blah.
    Hi Vanilla (and everyone else)

    I've tried to install/configure the Juniper 5GT and hit a bit of a problem. It works OK with just the default zones set up, but if I try to separate the Ethernet connections from the wireless then the Ethernet stops working. I've done this:

    1) Create a new zone "cards"
    2) Edit the "trust" interface (which I assume just has the Ethernet ports in it, as wireless/ADSL have their own interfaces) and change the zone from "Trust" to "cards"
    3) Create a policy from "cards" to "untrust" of any/any permit

    This is when the card machine cannot connect.

    Changing the interface back to zone "trust" enables it again.

    Any thoughts on what I've missed?

    (As an aside, although the card machine is currently working via the trust zone, if I connect my laptop to another of the Ethernet ports it can't connect to the internet, although it can via wireless.)

  • Vanilla
    replied
    Nice one, should be fairly straightforward but if you need any help (and the latest ScreenOS) give me a shout. JNCIA blah blah.

  • Archangel
    replied
    OK, I've bought the Juniper. I may need some help in setting it up though! I'll post again when it arrives.

    Thanks so far

  • Vanilla
    replied
    I'd relegate your routers to the store room and buy something like this Juniper NetScreen-5GT Wireless ADSL - BRAND NEW - | eBay

  • Archangel
    replied
    So I've got the old router connected up to my laptop (not to the chip n pin yet), but can't find anything on the firewall to block incoming traffic, any thoughts anyone?

    The router is a Belkin Router/Gateway a bit like this one

    http://cache-www.belkin.com/support/...1-4_manual.pdf

    Or should I buy a cheap non wireless router and take the chance that the firewall is configurable?

    I'm being charged £17 a month for not being compliant so don't mind spending a few quid

  • pmeswani
    replied
    Originally posted by SimonMac:
    Easiest way would be to get a cheap non-wireless router to go in between the C&P and WiFi router, with firewall to allow access only one way (i.e. from wired to WiFi but not WiFi to wired)
    If you have the money, buy a Sonicwall firewall. It's a commercial firewall, so not easy to buy off the shelf at PC World and the like. That will allow you to create granular firewall rules to segregate your network how you want.

  • Archangel
    replied
    Originally posted by SimonMac:
    Easiest way would be to get a cheap non-wireless router to go in between the C&P and WiFi router, with firewall to allow access only one way (i.e. from wired to WiFi but not WiFi to wired)
    Thanks Simon, I've got an oldish wireless router; I could try that and disable the wireless on it. I'm not sure how I'd configure the firewall, I'll have to have a look.

  • SimonMac
    replied
    Originally posted by Archangel:
    Hi techies

    I need to segment my network to comply with PCI. The setup is currently as follows:

    Ingenico chip n pin card machine with Ethernet cable to wireless modem router (Netgear N300)

    3 or 4 laptops/iPhone connecting wirelessly

    I need either a hardware or software solution to isolate the chip n pin machine

    Any suggestions?

    Thanks
    Easiest way would be to get a cheap non-wireless router to go in between the C&P and WiFi router, with firewall to allow access only one way (i.e. from wired to WiFi but not WiFi to wired)

  • Archangel
    started a topic Segmenting network

    Segmenting network

    Hi techies

    I need to segment my network to comply with PCI. The setup is currently as follows:

    Ingenico chip n pin card machine with Ethernet cable to wireless modem router (Netgear N300)

    3 or 4 laptops/iPhone connecting wirelessly

    I need either a hardware or software solution to isolate the chip n pin machine

    Any suggestions?

    Thanks
