Using Virtual-Wire to isolate and allow/deny traffic to a couple hosts on existing subnet.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using Virtual-Wire to isolate and allow/deny traffic to a couple hosts on existing subnet.

L1 Bithead

We have a situation as a result of going through a PCI audit. We have a single subnet which contains a handful of servers that need to be isolated and traffic restricted. Originally we were going to move these few servers to a new switch VLAN changing the IP scheme and use the PA to permit/allow traffic between that new vlan and the existing subnet and internet. Now it looks like it is going to be pain since there are a lot of changes that will need to be done to these few servers to change the IP. Worse yet is that the vendor is on a service blackout as a result of being purchased by Oracle. So there is no time before our deadline to get assistance from them before we will be fined for not being in compliance.

My thought was to create a virtual wire where traffic would ingress to the PA from the existing LAN-VLAN (Client-SIde) and egress on the interface of the virtual wire (Server Side) so I can apply rules to all traffic bound to/from those servers. Seems like it should work in my mind, but wondering if I'm on the right track or is there is a better way to isolate these few hosts to lock them down.

Hopefully this makes sense. I can do a visual if needed.

Thanks

2 REPLIES 2

L7 Applicator

You're on the right track - and this would work as described. 

The other way to accomplish this would be using L2 mode with vlan-tag re-write. 

Either method would allow you to keep the same IP scheme, yet isolate one group of hosts from another. 

Thank you! That is what I needed to know. I went with the L2 mode with VLAN re-write. Works just as expected.

Josh

  • 3055 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!