Segregating CCTV Network from Business Network
Posted 03 September 2012 - 09:27 PM
Would like to get you guys' advice on this. The scenario is written below:
My company just implemented a new IP CCTV system. As a network admin, I've been instructed to join the new CCTV network to our existing corporate/business network for system integration purposes, which allows our normal users to view from their Internet Explorer via the existing corporate network.
Both networks must be isolated from each other for support demarcation purposes. In other words, the corporate network and the CCTV network are in different clouds/IP segments.
With this, I really need your expert view on designing/proposing a solution for this. Thinking of getting a dedicated hardware firewall unit for NATting purposes. Please advise. TQ.
Posted 03 September 2012 - 11:47 PM
I would suggest using a new/existing firewall to connect these compartments. If possible, I would use the existing infrastructure and segregate it via VLANs at L2 and with VRFs at L3. The firewall would be the point where traffic from one VRF would be forwarded to another, according to the specified policy.
The typical traffic flow would then be like this:
VRF CORP VLAN CORP
IP Camera->(switch, CCTV VLAN)->(L3CORE, CCTV VRF)->(FW)->(L3CORE, CORP VRF)->(DC SW, CORP VLAN)->Server
I would suggest using different IP address ranges. Otherwise, if you need NAT to avoid IP duplication, implement it at the firewall.
Edited by thead, 03 September 2012 - 11:51 PM.
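The segregation suggested in the reply above, as an added example that is not part of the original thread: a default-deny, first-match model of the firewall joining the CCTV and CORP VRFs, plus the range-overlap check that decides whether NAT is needed. All addresses, the server and the stream port are constructed assumptions, and return traffic is assumed to be handled statefully by the firewall.

```python
import ipaddress as ip

# Constructed addressing; none of these values come from the thread.
CCTV_NET = ip.ip_network("10.50.0.0/24")   # CCTV VLAN, routed in the CCTV VRF
CORP_NET = ip.ip_network("10.10.0.0/16")   # CORP VLAN, routed in the CORP VRF
SERVER = ip.ip_network("10.10.20.5/32")    # hypothetical recording server in CORP

# Firewall policy between the VRFs: first match wins, anything unmatched is denied.
# Tuple: (action, source, destination, protocol, destination port; None = any port)
POLICY = [
    ("allow", CCTV_NET, SERVER, "tcp", 554),   # camera stream to server (port assumed)
]

def needs_nat(a, b):
    """Overlapping ranges cannot be routed between VRFs without NAT at the firewall."""
    return a.overlaps(b)

def decide(src, dst, proto, dport, policy=POLICY):
    """Return the action for a new connection crossing the firewall."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, snet, dnet, p, port in policy:
        if s in snet and d in dnet and p == proto and port in (None, dport):
            return action
    return "deny"

def broad_rules(policy=POLICY):
    """Allow rules that open a whole segment or every port weaken the segregation."""
    return [r for r in policy
            if r[0] == "allow" and (r[2].num_addresses > 1 or r[4] is None)]

if __name__ == "__main__":
    print("NAT needed:", needs_nat(CCTV_NET, CORP_NET))
    for flow in [("10.50.0.21", "10.10.20.5", "tcp", 554),    # camera -> server
                 ("10.50.0.21", "10.10.30.40", "tcp", 445),   # camera -> workstation
                 ("10.10.30.40", "10.50.0.21", "tcp", 80)]:   # workstation -> camera
        print(flow, decide(*flow))
    print("broad rules:", broad_rules())
```

With this policy users reach video through the server inside CORP, so no rule is needed from CORP into the CCTV segment.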