I prefer to separate networks into at least 3 categories: management, users, and external. I have some new gear that I’m starting to config and had some basic questions.

I have a Vega gateway that will be connected to a T1 from my provider and also connected to an old PBX, also over a T1. I have a FreePBX box with one interface each in a DMZ, VoIP, and management VLAN.

The 2 interfaces on the Vega gateway: should one be in the DMZ and the other in the management VLAN? Or the VoIP VLAN?

I know that some day, if we terminate SIP from the provider on the gateway, one interface will have to be in the DMZ. I just wasn’t sure how the gateway communicates with the PBX, i.e. whether it would want the external/DMZ interface, the VoIP one, or the internal management one.

Is this sane or am I overcomplicating things?

Just to be clear:
DMZ = a separate VLAN on the firewall that is not allowed access to any other network unless specifically defined. IP addresses in this VLAN may have a few external NATs pointed at them.

VoIP = only allowed access to the PBX and a few network services like DNS/DHCP in another VLAN

Management = controlled access limited to only a few VLANs (IT/Helpdesk), mostly used for, you guessed it, management of devices (SSH, web GUI, etc.)
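The three VLAN definitions above are really a zone-based firewall policy, and the easiest way to sanity-check one before committing it to a firewall is to model it and run the flows you care about through it. The script below is an added example, not code from the original post or from any Vega/FreePBX product. Every subnet, host address and port number in it is a hypothetical placeholder (the post names the VLANs but gives no addressing), and the placement of the gateway's interface in the DMZ with a narrow SIP/RTP exception to the PBX's VoIP-side interface is an assumed layout used for illustration, not a recommendation the post makes.

```python
"""Zone-based firewall policy model for a DMZ / VoIP / Management VLAN split.

Added example, not from the original post. All addresses, hosts and port
numbers are hypothetical placeholders; substitute your own before use.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical VLAN addressing (the post names the VLANs, not their subnets).
ZONES = {
    "dmz":      ipaddress.ip_network("10.10.0.0/24"),
    "voip":     ipaddress.ip_network("10.20.0.0/24"),
    "mgmt":     ipaddress.ip_network("10.30.0.0/24"),
    "services": ipaddress.ip_network("10.40.0.0/24"),  # DNS/DHCP live here
    "it":       ipaddress.ip_network("10.50.0.0/24"),  # IT / helpdesk
    "users":    ipaddress.ip_network("10.60.0.0/24"),
}

# Hypothetical hosts referenced by the rules.
PBX_VOIP_IF = "10.20.0.10"   # PBX interface in the VoIP VLAN
DNS_DHCP    = "10.40.0.53"   # DNS/DHCP server in the services VLAN
GW_DMZ_IF   = "10.10.0.20"   # gateway interface assumed to sit in the DMZ


@dataclass(frozen=True)
class Rule:
    src: str                 # zone name, literal host IP, or "any"
    dst: str                 # zone name, literal host IP, or "any"
    proto: str               # "tcp", "udp" or "any"
    ports: Optional[tuple]   # (low, high) inclusive dst-port range, None = any
    action: str              # "accept" or "drop"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def zone_of(ip: str) -> Optional[str]:
    """Return the zone whose subnet contains ip, or None if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def _endpoint_matches(selector: str, ip: str) -> bool:
    if selector == "any":
        return True
    if selector in ZONES:
        return zone_of(ip) == selector
    return ip == selector  # selector is a literal host address


def matches(rule: Rule, flow: Flow) -> bool:
    """True if every field of the rule matches the flow."""
    if not _endpoint_matches(rule.src, flow.src_ip):
        return False
    if not _endpoint_matches(rule.dst, flow.dst_ip):
        return False
    if rule.proto != "any" and rule.proto != flow.proto:
        return False
    if rule.ports is not None and not (rule.ports[0] <= flow.dport <= rule.ports[1]):
        return False
    return True


def decide(policy: list, flow: Flow) -> str:
    """First matching rule wins; anything no rule matches is dropped."""
    for rule in policy:
        if matches(rule, flow):
            return rule.action
    return "drop"


# The policy, in the order the three definitions in the post describe it.
POLICY = [
    # DMZ: no access to any other network unless specifically defined.
    # Assumed exception: the gateway's DMZ interface may reach the PBX's
    # VoIP-side interface for SIP signalling and an RTP media range.
    Rule(GW_DMZ_IF, PBX_VOIP_IF, "udp", (5060, 5060), "accept"),
    Rule(GW_DMZ_IF, PBX_VOIP_IF, "udp", (10000, 20000), "accept"),
    Rule("dmz", "any", "any", None, "drop"),
    # VoIP: only the PBX plus DNS/DHCP in another VLAN.
    Rule("voip", PBX_VOIP_IF, "any", None, "accept"),
    Rule("voip", DNS_DHCP, "udp", (53, 53), "accept"),
    Rule("voip", DNS_DHCP, "udp", (67, 67), "accept"),
    Rule("voip", "any", "any", None, "drop"),
    # Management: SSH / web GUI only from the IT/helpdesk VLAN.
    Rule("it", "mgmt", "tcp", (22, 22), "accept"),
    Rule("it", "mgmt", "tcp", (443, 443), "accept"),
    Rule("any", "mgmt", "any", None, "drop"),
]

if __name__ == "__main__":
    # Constructed sample flows: a user-VLAN host probing a management host,
    # and a second, undefined DMZ host trying to reach the PBX.
    for f in (Flow("10.60.0.5", "10.30.0.1", "tcp", 22),
              Flow("10.10.0.30", PBX_VOIP_IF, "udp", 5060)):
        print(f, "->", decide(POLICY, f))
```

Two things the model makes visible that are easy to miss on a real firewall: the per-zone catch-all drop must come after that zone's exceptions (first match wins), and a second host placed in the DMZ gets nothing to the PBX because the exception is keyed to one literal address, not to the whole DMZ zone. The DHCP rule only covers relayed (unicast) requests; a phone's initial broadcast from 0.0.0.0 is handled by the VLAN's DHCP relay, not by this inter-VLAN policy.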


