11-20-2017 03:48 PM - edited 03-01-2019 06:15 PM
Hello! I have a work network that is separated into VLANs. Currently, our AV network is on a completely separate circuit from our data network. The question is this: our AV director would like folks who sign into the guest network to have access to devices that live on the separate AV network. What is the most secure way to have this happen? In other words, how can a guest come into our company with an iPhone or computer, and then seamlessly log in to an AV appliance such as a Via Collage and use it, when it is on a separate network? Thanks in advance!
11-20-2017 05:05 PM
Hi @Bagley5777
Not sure what AV means and which access we are talking about.
For wireless access, there are some very approach for guest users.
-If I helped you somehow, please, rate it as useful.-
11-20-2017 06:46 PM
Normally, to set this up securely, we connect both Guest and AV (audio-visual) subnets/VLANs via a common firewall (preferably one with built-in IPS like a Cisco ASA with Firepower services or FTD image type).
Then you can create an ACL on the firewall allowing the minimal connectivity required. The IPS bit will help scan for and block malicious activity.
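A sketch of the minimal-connectivity ACL described in the reply above, in Cisco ASA syntax. This is an added example, not configuration from the thread: the interface name `guest`, the addresses (documentation ranges) and the TCP port are placeholders, because the thread does not say which ports the AV appliance needs.

```cisco
! Added example. All names, addresses and ports below are placeholders.
! Assumed: guest VLAN 198.51.100.0/24 on interface "guest",
!          AV VLAN    192.0.2.0/24 behind the same firewall.

! The single AV appliance guests are allowed to reach
object network AV-APPLIANCE
 host 192.0.2.10

! Only the service(s) the appliance documents for client access.
! 443 is a stand-in; replace with the vendor's published port list.
object-group service GUEST-TO-AV-PORTS tcp
 port-object eq 443

! Other internal ranges guests must never reach (assumed RFC 1918 space)
object-group network INTERNAL-NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0

access-list GUEST_IN remark Guests may reach one AV host on the listed ports only
access-list GUEST_IN extended permit tcp 198.51.100.0 255.255.255.0 object AV-APPLIANCE object-group GUEST-TO-AV-PORTS

access-list GUEST_IN remark Everything else toward the AV VLAN is dropped and logged
access-list GUEST_IN extended deny ip any 192.0.2.0 255.255.255.0 log

access-list GUEST_IN remark Keep guests out of the rest of the internal network
access-list GUEST_IN extended deny ip any object-group INTERNAL-NETS log

access-list GUEST_IN remark Remaining guest traffic (Internet access)
access-list GUEST_IN extended permit ip 198.51.100.0 255.255.255.0 any

! Apply to traffic entering the firewall from the guest VLAN
access-group GUEST_IN in interface guest
```

The firewall is stateful, so replies from the appliance to an allowed guest session are permitted without a matching rule in the other direction. The `log` keyword on the deny entries gives a record of guests probing the AV VLAN outside the allowed service.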
11-20-2017 08:14 PM
Thanks for the reply! So it's better to do an ACL rather than some type of port forwarding?
11-21-2017 12:09 AM
Port forwarding by itself is not really security. Yes, it will work, but you also open yourself up to more risk.
All security decisions are the result of balancing risk and reward. If you don't care about the exposure, then the security implementation may not be worth it for you in terms of both capital expense (Capex) and operational expense (Opex). However, if you already have some security tools at your disposal, then it generally behooves you to use them.