
    Sunday, January 3, 2021

    Small Office Network best practices and Security Networking


    Small Office Network best practices and Security

    Posted: 03 Jan 2021 06:41 AM PST

    Happy New Year!

    I'm setting up an office. When it's up and running there will be about 30 users. There will be no servers. There is 1 office printer. All our work is online.. we use Google Workspace and Slack.

    My networking kit is a UniFi Dream Machine Pro and 2 x 48-port UniFi PoE switches. I have 9 UniFi PoE cameras. I'm also using UniFi Access for 2 doors, so there are 2 PoE controllers.

    At the minute I have 2 networks:

    • Company - All users, cameras, internet and door access.

    • Company Guest - WiFi only, isolated to see only the internet.

    I have 3 wireless access points that have the above SSIDs Company and Company Guest.

    My questions are:

    • Should I have a separate VLAN for the Cameras and a separate VLAN for the Door Access?

    • Is there anything else I can do to make the network more secure?

    • Should I be asking employees to connect their BYOD devices (mobile phones etc) to the Guest network.. or possibly set up a new network "Company BYOD"?

    • Should I lock the "Company" WiFi down so it's only company owned / managed devices allowed, by using MAC filters etc.?

    Many thanks

    Edit: Apologies.. neglected to mention..

    • All company owned devices (laptops etc) are Windows 10 Pro.

    • I'm not using Active Directory as such, I'm using Google Endpoint Management / Enhanced desktop security for Windows. This allows me to manage the devices (users log in to their devices using their Google credentials) and patches etc.

    • Endpoint Security.. each device had a cloud controlled endpoint protection / antivirus installed that I administer centrally in the cloud.

    submitted by /u/Desperate-Emu-2950

    Cisco IP Phone local directory doesn’t load over IPSec

    Posted: 03 Jan 2021 06:35 AM PST

    Hi All,

    We recently installed a few Cisco 7975 IP phones in one of our remote offices. The setup has one Mikrotik router as gateway and IPSec endpoint. We have a CUCME router in our main office and phones in remote office connect to it through IPSec tunnel. Voice communication works fine between main and remote office but we have one problem.

    The local directory doesn't show up in remote office phones with the error "file not found". I checked the address http://<CUCME IP>/localdirectory is accessible from same VLAN in remote office. I also checked with 7942 but it remains in "requesting" mode when pressing the Directory button.

    submitted by /u/unpocolocoamigo

    Zscaler for servers

    Posted: 03 Jan 2021 03:05 PM PST

    Looking for a replacement for our current physical proxy fleet as they have now become end of life, and have pretty much settled on Zscaler as a replacement product.

    I'm interested to hear if anyone else is using the product to secure their server workloads as well? And if so, what method they are using (agent, PAC file, transparent, etc.).

    Zscaler looks to be the bee's knees as far as web proxies for end user devices, but I cannot find much info on server usage.

    submitted by /u/Rexxhunt

    What type of person am I looking for?

    Posted: 03 Jan 2021 03:42 PM PST

    Hey everyone - seeking to activate the reddit hive mind once again. I posted in here a few months ago, but am working on a business idea that consists of a network of premium rooftops in an urban environment most amenable to ultra wideband / mmWave networking.

    I am putting together this cohort of interested landlords and am at the point where I need to find a contractor of some sort to complete two primary tasks: 1) a high-level structural and summary analysis of the roof space (e.g. pictures of the area, access to power, some measurements of the weight that various parts of the roof could support) as well as 2) a description and overview of the distribution frame within the building itself (e.g. is there fiber to the IDF, existing baseband units, IDF access to cable to the roof).

    Have folks in this sub come across professionals that might be able to accomplish both of these items in one visit to the site? And if so, what types of contractors would you recommend / keywords should I be searching? Thanks.

    submitted by /u/archanenome

    Would you recommend doing Cisco SGT on Fortinet? Or should I use the Fortinet NGFW identity features?

    Posted: 03 Jan 2021 09:16 AM PST

    Hey guys,

    As the title mentions, I am wondering whether to use Fortinet or ISE for micro-segmentation for guest, PCI, end users and remote access VPNs.

    So far I know Fortinet 600E models can do it via FortiManager, but I am wondering if it's worth it. We've got the Meraki MS series switches: 225, 350X, 425.

    Edge - Fortinet 600Es

    Collapsed core - MS425

    Access switches - MS225, MS350X

    Wireless - MR46 Meraki AP

    All of our gateways are on the Fortinet edge firewalls for this site and our branches.

    I am stuck between using Fortinet or ISE to do this. Also, I am aware SXP is a whole different consideration for SGT planning; I believe the switches here can do SXP.

    I was also hearing SGTs are stateful, so I need to create SGACLs to allow traffic both ways?

    Lastly, a question on SGT: I am used to using one matrix. Is there any reason to use two matrix lists? We only have about 1300 or so IT devices.

    submitted by /u/Fadakartel

    LTE routers that connect to CDMA

    Posted: 02 Jan 2021 08:28 PM PST

    Hey All, working on a small setup for a small business, they want it done on the cheap. The location they are in doesn't have many broadband options, and of the few that are present - the owners don't... approve of?? Lol... Anyway, they want an LTE hookup to the IoT stuff that monitors the site. Trouble is that the LTE towers closest to the area are Verizon..

    I've looked at Cradlepoint and their cheaper alternatives, like this and this, but many of them either explicitly state that they do not work with Verizon SIMs, or looking at the docs it even shows that they do not connect to CDMA bands at all..

    Does anyone know of a reliable LTE router that connects to the Verizon LTE bands? Would really help me out - thanks!

    submitted by /u/pompouspoopoo

    Any "big" 2.5/5GbE switches?

    Posted: 03 Jan 2021 06:22 AM PST

    So, 2.5 and 5 Gb Ethernet was meant as a replacement for 1GbE. But I cannot find any switches that can be used like this. Are there any 24 or 48 port 2.5/5GbE switches that can replace 1Gb units in offices?

    submitted by /u/Kojetono

    What SFP+ module for single strand fiber?

    Posted: 03 Jan 2021 08:02 AM PST

    I have OM3 50/125 MMF fiber of this sort: https://4942084.app.netsuite.com/c.4942084/SpecSheets/Duplex%20MM%20SSF%20OM3.pdf

    It's terminated with an SC connector on both ends. I think I need a BiDi module but I can't for the life of me find anything that matches the 850nm/1300nm specs. Am I missing something? Or do these not exist?

    I have Ubiquiti switches on both ends but I'm willing to swap for different equipment if necessary. I just want 10GbE.

    submitted by /u/fakeil

    (HELP) Wake On Lan over separate VLANs with different IP ranges.

    Posted: 03 Jan 2021 12:10 AM PST

    I've been trying to get this to work for the past week...

    The company I work for has a pretty large network which is divided into 4 separate VLANs, all with different IPv4 ranges.

    The two important ones for this are these two.

    1) 172.31.31.x (VLAN used for our office building)

    2) 192.168.x.y (VLAN for the stores, where x is the store number and y is the host)

    The stores are all equipped with a Saiwall slave router to be a part of our network.

    Here's the head-scratcher... I want to set up a Wake On LAN system to be able to power on the store PCs to make it easier for us to solve issues, but I can't seem to get the magic packets to successfully transfer through the VLANs. Could anyone enlighten me?

    One of the main issues I see here is that even though the stores are all in the same VLAN, they have different IPv4 ranges between them, since we use a /24 mask on all devices... so it's tough to figure out which broadcast address would be correct for WOL, or if it's firewall issues.

    For reference, while setting up new store PCs, I was able to test WOL within our office VLAN, so the Wake On LAN settings on the hosts themselves are fine.

    submitted by /u/RandomSquezzy

    EBGP Route advertised

    Posted: 02 Jan 2021 09:55 PM PST

    Hi all,

    I have a question about BGP. So I'm currently doing a lab about BGP in GNS3. I am doing a simple IBGP only network and a combination of IBGP and EBGP, as shown below.

    [Image: Network]

    The BGP peerings are done only between connected routers (R1-R2 and R2-R3).

    In IBGP only, after configuring the routers, R1 can't see the LAN network in R3. I understand that in order to fix this, either I can create neighborship between R1-R3 (adding static route or IGP) or put R2 as a route-reflector.

    [Image: IBGP only]

    While using EBGP, R1 can see the LAN behind R3, without adding a route-reflector or creating peering between R1-R3.

    [Image: IBGP + EBGP]

    Is this a standard behavior of EBGP route (the route advertised to an EBGP neighbor is passed on to the internal neighbor of the peer itself)?

    submitted by /u/Grey1010
