Computer networks
mic44, 2020-05-05 11:34:22

How to properly segment an enterprise network?

Good afternoon!

We have:
1. A network of ~250 nodes of different kinds (servers, computers, scales, cash registers, terminals, various retail equipment).
2. A geographically distributed network (retail trade), ~10 sites.
3. Isolated video surveillance networks and other engineering systems (climate control and others); access to them is through a router, with port forwarding to the admin panel (via a router at each site).
4. A local provider supplies the communication channels between the sites; as I understand it, all the sites are combined into one VLAN.

A domain is up. Users are divided into groups: accounting, managers, management, administrators, ...
The firewall is Kerio Control; most of the switches at the sites are unmanaged and do not support VLANs.
Everything is static.

All equipment is in the network 172.16.0.0/23, addresses are running out, and there is also a plan to open a new site.

Please advise how to segment the network correctly. I understand that it would be best to split each site into VLANs depending on the type of equipment and the access rights, but with the available equipment there is no such possibility.
Of network equipment there is only one CISCO SG200-26, a Mikrotik hEX, and Kerio Control as the firewall.

So far the only idea is to put a Mikrotik hEX at each store and bring up a VPN to Kerio Control, thereby segmenting the network. But with such a scheme there are questions about the stability of operation.
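The flat 172.16.0.0/23 is the root of both problems in the question: there is no room to grow, and nothing in an address says which site or which kind of equipment it belongs to, so the firewall cannot be templated. The script below is an added example (not code from the question or from any of the answers) of the hierarchical IP plan that a VPN-per-site design needs. It assumes 10.0.0.0/8 as the new private range, one /16 per site (second octet = site number) and one /24 per segment (third octet = a fixed segment id, the same at every site); the segment names, their ids, the allowed-traffic matrix and the host counts are all constructed for the example, not taken from the thread.

```python
"""Hierarchical IP plan for a multi-site retail network (added example).

Assumptions, none of which come from the original thread:
  * new private range 10.0.0.0/8 replaces the flat 172.16.0.0/23
  * site aggregate   = 10.<site_id>.0.0/16   (one VPN route per site)
  * segment subnet   = 10.<site_id>.<segment_id>.0/24
  * segment names/ids and the allowed-traffic matrix below are illustrative
"""
import ipaddress

SUPERNET = ipaddress.ip_network("10.0.0.0/8")

# Third octet per segment. Fixed across sites so that 10.<site>.<seg>.0/24 is
# readable and one firewall rule set serves every site.
SEGMENTS = {
    "mgmt": 10,     # router/switch management, admin panels of engineering systems
    "servers": 20,
    "users": 30,    # accounting, managers, management
    "pos": 40,      # cash registers, scales, terminals
    "cctv": 50,     # video surveillance, climate control and similar
}
SEGMENT_BY_ID = {sid: name for name, sid in SEGMENTS.items()}

# Assumed policy: which segment may initiate connections to which.
ALLOWED = {
    "mgmt": {"mgmt", "servers", "users", "pos", "cctv"},
    "servers": {"servers"},
    "users": {"servers"},
    "pos": {"servers"},
    "cctv": set(),  # cameras never initiate; they are reached only from mgmt
}


def site_aggregate(site_id):
    """10.<site_id>.0.0/16: the single prefix a site-to-site VPN must carry."""
    if not 1 <= site_id <= 255:
        raise ValueError("site_id must be 1..255")
    return ipaddress.ip_network(f"10.{site_id}.0.0/16")


def segment_subnet(site_id, segment):
    """10.<site_id>.<segment_id>.0/24 for one segment at one site."""
    return ipaddress.ip_network(f"10.{site_id}.{SEGMENTS[segment]}.0/24")


def build_plan(site_ids):
    """Return {site_id: {segment: network}} and enforce the plan's invariants:
    each segment subnet lies inside its site aggregate and no two aggregates
    overlap, so VPN routes from different sites can never collide."""
    plan, aggregates = {}, []
    for sid in site_ids:
        agg = site_aggregate(sid)
        for other in aggregates:
            if agg.overlaps(other):
                raise ValueError(f"site {sid} aggregate {agg} overlaps {other}")
        aggregates.append(agg)
        plan[sid] = {}
        for seg in SEGMENTS:
            net = segment_subnet(sid, seg)
            assert net.subnet_of(agg)
            plan[sid][seg] = net
    return plan


def classify(ip):
    """Map an address back to (site_id, segment) purely from its octets;
    None if it is outside the plan. This is what makes rules templatable."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or addr not in SUPERNET:
        return None
    site_id, seg_id = addr.packed[1], addr.packed[2]
    if site_id == 0 or seg_id not in SEGMENT_BY_ID:
        return None
    return site_id, SEGMENT_BY_ID[seg_id]


def allowed(src_ip, dst_ip):
    """Policy decision a firewall between segments would make, identical at every site."""
    src, dst = classify(src_ip), classify(dst_ip)
    if src is None or dst is None:
        return False
    return dst[1] in ALLOWED[src[1]]


def capacity_shortfalls(plan, demand):
    """demand = {site_id: {segment: expected hosts}}.
    Returns the (site, segment) pairs whose /24 (254 usable hosts) is too small."""
    out = []
    for sid, segs in demand.items():
        for seg, hosts in segs.items():
            net = plan[sid][seg]
            if hosts > net.num_addresses - 2:
                out.append((sid, seg))
    return out


if __name__ == "__main__":
    plan = build_plan(range(1, 12))  # ten existing sites plus the planned one
    for sid in (1, 11):
        print(sid, site_aggregate(sid), plan[sid]["pos"])
    print(allowed("10.7.40.15", "10.1.20.10"), allowed("10.7.50.3", "10.1.20.10"))
```

With this convention each site advertises exactly one /16 over its VPN, a new site is one more /16, and a rule such as "POS may reach servers, cameras may reach nothing" is written once and applies to every site because the segment is encoded in the third octet.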


3 answers
Denis Sechin, 2020-05-05
@tamogavk

I can develop and provide a plan for the transition to a fault-tolerant scheme with room for expansion, as well as a hierarchical IP plan, equipment selection, redundancy, etc. I will draw a detailed diagram of how everything will work. For money, of course; no one will advise you for free.

Valentin, 2020-05-05
@vvpoloskin

The order of price for such a service: the cost of the new equipment * 2

AntHTML, 2020-05-08
@anthtml

Here, as already mentioned above, you need to look specifically at the organization's locations, the available equipment, the information flows, the capabilities, the required scheme and the goals being pursued: only expanding the address space, or also access control, fault tolerance, centralization, etc.,
as well as what equipment is currently at the locations and how it is connected.
