Please forgive the basic nature of this question, but I have very little experience with networking and would appreciate feedback / input on this.
The rundown: We have access to multiple static IP addresses through our ISP. We have a primary office network, a secondary guest network, and a couple of file / web servers that need to be accessible from the outside.
The reason for a primary / secondary network behind the modem, is to allow guests at the office to sign in to wifi, without having to expose any of our internal servers/computers to that network.
I have attached a diagram of what I believe will work for this, and am wondering if this is the best way to set something like this up, or if there is a better way to do what we are trying to do.
Thanks for your time!
Best Answer
Yes, this is a pretty typical setup. However, depending upon your hardware, you could simplify things a bit. For instance, I have a similar setup but use only one router. I have two LANs (corporate/public) which connect to the router through two interfaces, Lan1 and Lan2. They are isolated form one another through routes and firewall rules.
Lan1 connects to the WAN via Wan1 interface and Lan2 can only connect to the WAN via a physically different interface, Wan2. Those two Wan interfaces are assigned two respective static IPs.
Lastly, web servers etc. which need to be accessible from the WWW are on a different internal interface called the DMZ. This is an internal network, a third subnet, mostly isolated from Lan1 and Lan2 for security reasons. Using Network Address Translation, your router may be able to "translate" an incoming request on a third, fourth, nth static IP address to an internal IP. You can better protect your server(s) using a hardware firewall instead of relying on whatever software your server is running.