Jump to content

Segregating CCTV Network from Business Network

  • Please log in to reply
2 replies to this topic

#1 zidand



  • Members
  • Pip
  • 2 posts

Posted 03 September 2012 - 09:27 PM

Dear Experts,
Would like to get your guys advice on this. The scenario was written below;

My company just implemented new IP CCTV system. As a network admin, I've been instructed to join the new CCTV network to our existing corparate/ business network for system integration purposes - which allowing our normal user to view from their intenet explorer via existing corparate network.

Both network must be isolated each other due to support demarcation purposes. In other words both corporate network and CCTV network are in different cloud/ IP segment.

With this, really need your expert view on designing/ proposed a solution for this. Thinking on getting dedicated Hardware Firewall Unit for NATting purposes. Please advice. TQ.

  • 0

#2 thead


    Advanced Member

  • Members
  • PipPipPip
  • 187 posts
  • Gender:Male
  • Location:Cetral Europe

Posted 03 September 2012 - 11:47 PM

Hello zidand,

I would suggest to use new/existing firewall to connect these compartments. If possible I would use existing infrastructure and segregate it via VLANs at L2 and with VRFs at L3. The Firewall would be the point where traffic from one VRF would be forwarded to another, according the specified policy.

The typical traffic flow would then be like this:

IP Camera->(switch, CCTV VLAN)->(L3CORE, CCTV VRF)->(FW)->(L3CORE, CORP VRF)->(DC SW, CORP VLAN)->Server

I would suggest to use different IP address ranges. Otherwise If you need NAT to avoid IP duplicity, implement it at firewall.

Edited by thead, 03 September 2012 - 11:51 PM.

  • 0

#3 MarkinManchester


    Village Elder

  • Veterans
  • PipPipPipPipPip
  • 3976 posts
  • Gender:Male
  • Location:Manchester

Posted 04 September 2012 - 08:02 AM

  • 0

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users