Routers and Firewalls: do not mix businesses on the same router
Published: Saturday, August 10, 2019 written by Andy Flagg
View Count: 116
Keywords: Routers, Firewalls, VPNs, Mixing Businesses
A client wants to add another business to their office space. The other party wants to create a VPN inside the existing router and split their traffic off from the client's.
What are the upsides and downsides?
Here are the upsides: no extra hardware; the router's built-in wizard does the configuration; and having more than one set of fingers in the router-configuration cookie jar brings extra help and some transparency to the overall architecture.
Here are the downsides: the blame game when something breaks, shared liability and risk, potential legal trouble over PII or HIPAA-covered data, another layer of complexity, mixed bandwidth usage and the constraints that come with it, and the fact that both parties now share one IP source, which can leak traffic or identity from one business to the other.
In the short term the answer is "yeah, sure, whatever the business wants to make it work." In the long term it is, uh, probably not a good idea.
Picture an office, a business and a business owner, and somewhere along the line a lawyer is summoned to defend the first party against a lawsuit over some network-related patient-privacy violation (PII or HIPAA). It gets complicated real fast if the network is mixed use, because there is no clean line showing whose traffic, whose device, and whose configuration change was involved.
For me, the most secure shape for a network is one way in and one way out, with no one else on the line except the Internet business account holder, running OEM hardware with proven, layered security that has not been reshaped into some multi-pronged arrangement of software proxies, VLANs and VPN creativity just to add another party. Yes, VLANs and VPNs are proven technology, so why the pushback? Short answer: it is all about liability. Long answer: a series of experiences, based on history, that tell you you just don't want to go there.
Suggestions, or quick workarounds:
1. Have the other party use a VPN client to their own home office rather than a site-to-site VPN tunnel configured on the shared office router. Hamachi works well for site-to-site (internal) connectivity across existing infrastructure without interfering with the existing security configuration.
2. Get them a separate public IP and their own switch, connect them directly to the RJ45 jacks they need, and give them their own wireless. Their traffic then never touches the first business's router or firewall.
more to come...
If you found this article helpful, consider contributing $10, $20, an Andrew Jackson or so, to the author. More authors coming soon.
FYI, we use PayPal or Patreon; Patreon has 3x the transaction fees, so we don't use it, not yet.
© 2020 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.