Hi all,
Our firewall just died - it was a Windows Server 2003 rackmount running Microsoft ISA Server. I'm shopping for a replacement, but would like to get an appliance rather than have to purchase a whole server, which just seems like overkill.
We had four network ports on the old box - one for internal, one for the cable modem, one for guest wifi, and one for the VPN (we have a dedicated Barracuda VPN appliance, so we won't be using the VPN functionality on whatever new router we purchase).
What we'd like to do is have a set of rules similar to what we had on the ISA server. We denied everything by default, and then for example:
- Allow outgoing HTTP, HTTPS, FTP access from guest wifi and internal network to the internet
- Allow access from the VPN subnet to certain ports on certain machines on the internal network
- Forward incoming access from the internet on port 443 to the VPN box
etc.
From reading the manual for the RV180, I could get a rough configuration going by putting internal, guest wifi and VPN on different VLANs, and disabling inter-VLAN routing for the guest wifi. However, this doesn't get me the detailed control that I am used to - guest wifi and internal would be able to see the whole internet, and the VPN would be able to see anything on the internal network.
Does anyone know if the RV180 can actually give you this level of control? What would be the most cost-effective router from Cisco that could do this for me?
Thanks for any help anyone can offer,
Phil
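
The difference the post describes between VLAN-only separation and a deny-by-default rule set, as an added example that is not part of the original post and is not RV180 or ISA configuration. The subnets, host addresses and the 3389 port are constructed, and `vlan_only_allows` is a coarse model of the post's description rather than of any device's behaviour.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the post gives no subnets, hosts or ports.
ZONES = {"internal": ip_network("10.0.1.0/24"),
         "guest": ip_network("10.0.2.0/24"),
         "vpn": ip_network("10.0.3.0/24")}
VPN_BOX = "10.0.3.2"    # hypothetical address of the VPN appliance
APP_HOST = "10.0.1.10"  # hypothetical internal machine VPN users may reach

RULES = [  # (source zone, destination zone, hosts or None for any, TCP ports)
    ("internal", "internet", None, {21, 80, 443}),  # FTP control, HTTP, HTTPS
    ("guest", "internet", None, {21, 80, 443}),
    ("vpn", "internal", {APP_HOST}, {3389}),  # certain ports, certain machines
    ("internet", "vpn", {VPN_BOX}, {443}),    # port forward, seen after DNAT
]

def zone_of(addr):
    """Return the local zone holding addr, or 'internet' if none does."""
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def ruleset_allows(src, dst, port):
    """Deny by default: a flow passes only if some rule matches it."""
    sz, dz = zone_of(src), zone_of(dst)
    return any((sz, dz) == (rs, rd) and (hosts is None or dst in hosts)
               and port in ports for rs, rd, hosts, ports in RULES)

def vlan_only_allows(src, dst, port):
    """Coarse model of the VLAN-only setup the post describes."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == "internet":   # inbound: only the 443 forward
        return dst == VPN_BOX and port == 443
    if sz == "guest":      # guest: internet only, on any port
        return dz == "internet"
    return dz != "guest"   # internal and VPN route freely

def over_permitted(flows):
    """Flows the VLAN-only setup passes but the rule set would drop."""
    return [f for f in flows if vlan_only_allows(*f) and not ruleset_allows(*f)]

FLOWS = [  # constructed test traffic: (source, destination, TCP port)
    ("10.0.2.50", "198.51.100.7", 443),  # guest HTTPS
    ("10.0.2.50", "198.51.100.7", 25),   # guest SMTP
    ("10.0.3.20", APP_HOST, 3389),       # VPN to permitted host and port
    ("10.0.3.20", "10.0.1.11", 445),     # VPN to another internal host
    ("10.0.2.50", APP_HOST, 3389),       # guest to internal
    ("203.0.113.9", VPN_BOX, 443),       # inbound to the VPN box
]
print(over_permitted(FLOWS))
```

The two flows it reports are the gap between the two approaches: guest traffic to an arbitrary internet port, and VPN traffic to an internal host outside the permitted list.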