Ethernet Switch Management – How to Manage a Switch on WAN

Tags: management, switch

I never keep a managed switch outside the firewall. However, I have a situation where I have to do that. I am connecting two Sonicwall NSA220 in HA configuration. So I have to use a small Ethernet switch in front of the firewall to connect the WAN cable to X1 port of both primary and slave firewall. I have ordered a pair of NETGEAR ProSAFE GS105Ev2 for that purpose.

Since the management IP of the managed switch has to be in the same subnet, I can only assign a WAN IP as the management IP of this switch. That means anybody can access this switch if I assign the IP, with password being the only defense.

What is the best way to deal with this? Not set the IP at all? I prefer to manage this switch, but not at the cost of security.

Best Answer

There are a few options with different security risks. You will have to decide which one(s) meets your needs.

  1. Use an out-of-band connection to the console port. This is probably the safest way, but may require additional hardware to make a serial connection.
  2. Create a separate VLAN on the switch and put the management port in that VLAN. Connect that VLAN internally or to a separate logical interface on the firewall.
  3. Use unique credentials for the switch, and make them more complex than normal.
  4. If the switch supports it, place ACLs on the management interface (this one doesn't).
  5. Set the default gateway of the management IP to the firewall. Most firewalls will not issue redirects by default.

I'm sure other readers can think of other techniques.
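As an added illustration of option 2 above (this is example code written for this page, not something from the answer's author or from NETGEAR), the script below models a 5-port switch layout and checks that the management VLAN never rides on the ISP-facing port and that the management IP lives in the management subnet rather than in the WAN block. The port numbering, the VLAN ids (10 for WAN, 20 for management, 999 as a parking VLAN), and the subnets 192.0.2.0/29 and 10.99.0.0/24 are all constructed assumptions for the example; the switch in the question is configured through its web UI, so this is a design check to run before touching the device, not a driver for it.

```python
"""Audit a management-VLAN layout for a small switch sitting in front of a firewall.

Added example, not part of the original Q&A. Port roles, VLAN ids and subnets
below are constructed for illustration.
"""
import ipaddress

# Constructed 5-port layout. VLAN 10 carries the ISP uplink to both firewall
# WAN (X1) ports; VLAN 20 is management-only and reaches an inside interface
# of the firewall; unused ports are parked in a VLAN that goes nowhere.
PORTS = {
    1: {"role": "isp-uplink",      "untagged": 10,  "tagged": set()},
    2: {"role": "fw-primary-x1",   "untagged": 10,  "tagged": set()},
    3: {"role": "fw-secondary-x1", "untagged": 10,  "tagged": set()},
    4: {"role": "fw-mgmt",         "untagged": 20,  "tagged": set()},
    5: {"role": "unused",          "untagged": 999, "tagged": set()},
}

MGMT_VLAN = 20
UNTRUSTED_ROLES = {"isp-uplink"}          # ports anyone on the Internet can reach
WAN_SUBNET = ipaddress.ip_network("192.0.2.0/29")    # constructed WAN block
MGMT_SUBNET = ipaddress.ip_network("10.99.0.0/24")   # constructed management subnet


def vlans_on_port(cfg):
    """All VLAN ids (untagged plus tagged) that a port participates in."""
    return {cfg["untagged"]} | set(cfg["tagged"])


def audit(ports, mgmt_vlan, mgmt_ip,
          mgmt_subnet=MGMT_SUBNET, wan_subnet=WAN_SUBNET,
          untrusted_roles=UNTRUSTED_ROLES):
    """Return a list of findings; an empty list means the layout is acceptable."""
    findings = []
    addr = ipaddress.ip_address(mgmt_ip)

    # The situation from the question: management IP drawn from the WAN block,
    # so the web UI is exposed with only the password as a defense.
    if addr in wan_subnet:
        findings.append(f"management IP {addr} sits in the WAN subnet {wan_subnet}")
    elif addr not in mgmt_subnet:
        findings.append(f"management IP {addr} is outside the management subnet {mgmt_subnet}")

    # The management VLAN must never appear on an Internet-facing port.
    for num, cfg in sorted(ports.items()):
        if cfg["role"] in untrusted_roles and mgmt_vlan in vlans_on_port(cfg):
            findings.append(f"port {num} ({cfg['role']}) carries management VLAN {mgmt_vlan}")

    # And it must exist somewhere, or the switch is unmanageable in-band.
    if not any(mgmt_vlan in vlans_on_port(cfg) for cfg in ports.values()):
        findings.append(f"management VLAN {mgmt_vlan} is not present on any port")

    return findings


def with_leak(ports, port_num, vlan):
    """Copy of the layout with an extra tagged VLAN on one port (for what-if checks)."""
    leaked = {n: dict(c, tagged=set(c["tagged"])) for n, c in ports.items()}
    leaked[port_num]["tagged"].add(vlan)
    return leaked


if __name__ == "__main__":
    print("clean layout:", audit(PORTS, MGMT_VLAN, "10.99.0.5"))
    print("WAN-addressed mgmt:", audit(PORTS, MGMT_VLAN, "192.0.2.3"))
    print("mgmt VLAN tagged on uplink:", audit(with_leak(PORTS, 1, MGMT_VLAN), MGMT_VLAN, "10.99.0.5"))
```

Running it prints an empty finding list for the clean layout, one finding for a management IP taken from the WAN block, and one finding when VLAN 20 is mistakenly tagged on the uplink port. Extend `UNTRUSTED_ROLES` if more than one port faces the outside.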