Internet Connection for Public Library

Unanswered Question

I need some help on how to deploy this setup. The fios internet connection was installed in our data center but the public users are located on the other end of our network. Hence, this connection needs to traverse thru our internal network. I would like this internet traffic to not be visible internally. Do I use 2 firewalls? one on the DMARC end and one on the public users end? Please advise. Thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sachinraja Wed, 06/10/2009 - 08:42

Hello Abraham

How are the closets/switches between the edge (where the public users are sitting)and datacenter connecting ? If you are running a trunk between these buildings, you can just assign a Layer 2 VLAN called "Guests" and trunk it over to the datacenter and directly terminate it either on the core switch or the firewall. By doing this , layer 3 visibility of the internet traffic can be avoided. you dont need additional firewalls here, but it really depends on your connectivity..

Hope this helps.. all the best.. rate replies if found useful.


Hi Raj, The traffic goes thru several hops from the library to our data center via layer 3 switches. How can I prevent the public users from our internal network? Don't I need 2 firewalls at each end? If I do, how it the public users FW configured?

C:\Documents and Settings\>tracert

Tracing route to []

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms []

2 <1 ms <1 ms <1 ms []

3 <1 ms <1 ms <1 ms

4 <1 ms 1 ms <1 ms []

Trace complete.



ronshuster Mon, 06/22/2009 - 08:13


If you want to limit a specific vlan from accessing the company's internal resources, why don't you create an access-group on the vlan interface and only grant them access to the Internet. That will work.


This Discussion