I've been doing a bit of research and now I'm looking for some advice. I have a managed switch (Netgear M4200) that I want to connect to my ISP's modem (Ciena 3903). Since I can't access the modem and it doesn't recognize VLANs, I want to set it up like this: switch > firewall > modem/ISP. I have a couple of questions: a) Is it correct to assume that a firewall is necessary to properly route the return traffic to the appropriate VLAN/device? b) What firewall would you recommend for this kind of setup, considering my 100 Mbit internet connection that uses a fixed IP via Ethernet? Thanks in advance for your help!
4 Answers
Sounds like you're setting up a decent network! But I’d suggest you clarify a bit more. What exact model is your switch? Is it really an L3 or just an L2+? And what's the setup for your DHCP and DNS? Knowing all this can really help tailor the advice. For instance, if I'm doing something similar, I use a Cisco L3 switch going into a Palo Alto firewall. It handles routing between VLANs well, which can be really effective for security.
This might be better suited for a networking community rather than sysadmin. Just a heads-up!
I thought I was in the right place. Thanks for the heads up!
To give you a better suggestion, I'd need more details: What's your budget? How many devices are connected? Do you need features like NAT, site-to-site VPNs, or packet inspection? And honestly, how experienced are you with firewalls? There are so many options out there, from basic Sophos or WatchGuard models to higher-end devices like Meraki or Palo Alto.
Budget is under $500, and there'll be about 15 devices connected. I mainly need NAT for VLANs. And I'm pretty new to firewalls. Thanks for the help!
For your situation, you might need more than just a firewall; a router could do the job as well since most routers include firewall features. In smaller setups, a separate firewall isn't always necessary. If you're in a small office or home office (SOHO) environment, I’d recommend looking at the FortiGate 60 series. They’re solid next-gen firewalls and should have what you need.
Thanks, Tina! I appreciate the recommendation!
It's 1-OMG-PoE+ and I know it’s end-of-life, which is why I want the firewall in between. It’s for a small business, and yes, I want to use VLANs to separate server traffic from WLAN.