Jump to content
Sadikhov IT Certification forums
Sign in to follow this  
zidand

Segregating CCTV Network from Business Network

Recommended Posts

Dear Experts,

Would like to get your guys advice on this. The scenario was written below;

 

My company just implemented new IP CCTV system. As a network admin, I've been instructed to join the new CCTV network to our existing corparate/ business network for system integration purposes - which allowing our normal user to view from their intenet explorer via existing corparate network.

 

Both network must be isolated each other due to support demarcation purposes. In other words both corporate network and CCTV network are in different cloud/ IP segment.

 

 

With this, really need your expert view on designing/ proposed a solution for this. Thinking on getting dedicated Hardware Firewall Unit for NATting purposes. Please advice. TQ.

 

Regards,

Share this post


Link to post
Share on other sites

Hello zidand,

 

I would suggest to use new/existing firewall to connect these compartments. If possible I would use existing infrastructure and segregate it via VLANs at L2 and with VRFs at L3. The Firewall would be the point where traffic from one VRF would be forwarded to another, according the specified policy.

 

The typical traffic flow would then be like this:

 

 

 

VRF CORP VLAN CORP

IP Camera->(switch, CCTV VLAN)->(L3CORE, CCTV VRF)->(FW)->(L3CORE, CORP VRF)->(DC SW, CORP VLAN)->Server

 

I would suggest to use different IP address ranges. Otherwise If you need NAT to avoid IP duplicity, implement it at firewall.

Edited by thead

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×