"GAZ" <(E-Mail Removed)> wrote in message
news:BACE3F07-B564-4F14-BBCB-(E-Mail Removed)...
> We would like to create a "Project Domain" as a sub domain off our existing
> domain. This is so that some of our engineers can add PCs to this project
> domain for testing and carry out other tasks. We would like to then firewall
> this domain off from our normal domain as a security measure. But still allow
> domain replication etc. to filter through.

90% of the things you would want to block are the very same things you have
to allow for AD to work. So a "firewall" becomes almost pointless.

BTW, you only need a LAN router running ACLs; you do not want a
"traditional firewall", which is a NAT box, because you don't want NAT.

> Is this just a case of putting a firewall between the existing network and
> the project network and opening ports on the firewall to allow the domain
> replication or is there another way we can create the Project Domain but
> block this off from the normal network so no one can use their normal
> credentials or gain access to the existing domain at all?

Just create a separate Lab Domain that has nothing to do with the regular
Domain. That's what I have here. You can have it on a separate IP Segment
and use ACLs on the router between them all you want since neither side
would depend on the other.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com