Need help with second router

We had SIP phones installed yesterday which have thier own VDSL router with is connected via it's own internet connection. However, to get this to work with our current phone system, they had to allocate an IP address which is on our Lan.

In effect, we now have 2 x internet connections.
One which is protected by the watchguard XTM33, and the new one which has very little in the way of protection (the sip one)

If anyone were to try and gain access via this new router, they could effectively get anywher on the Lan. (backdoor)

I'd like to create a rule on the firebox to disallow any traffic coming from that router, but I don't know which packet filter to choose

Could anyone offer any advice how I might go about this please.

Comments

  • The SIP phones and/or new router would need to be on a separate firewall interface or VLAN for firewall policies to be applied to traffic to/from the new router.
    The traffic that you want to block needs to pass though the firewall.
    It seems that this is not the case currently.

Sign In to comment.