Segmentation Strategies for Protecting Servers on the Same Layer 3 Network

Question

An organization has a compliance requirement to protect servers from clients; however, the clients and servers all reside on the same Layer 3 network.

Without readdressing IP subnets for clients or servers, how is segmentation achieved?

Answers

Explanations

A. B. C. D.

B.

The scenario described in the question is a common situation where an organization needs to protect its servers from clients on the same network. This can be achieved through network segmentation, which involves dividing a network into smaller subnetworks to isolate traffic between them.

However, in this case, the question specifically states that the IP subnets for clients or servers cannot be changed. Therefore, the solution needs to be implemented without any changes to the IP addressing scheme.

Option A suggests changing the IP addresses of the servers while remaining on the same subnet. This solution is not feasible as it would require changes to the servers' configuration and may cause disruption to existing services.

Option B suggests deploying a firewall in routed mode between the clients and servers. This solution involves creating a new subnetwork for the servers, and configuring the firewall to route traffic between the clients and servers. The firewall can then be used to enforce policies that restrict traffic between the two subnets. This solution meets the requirements of the question, as it allows segmentation without changing the IP addressing scheme.

Option C suggests changing the IP addresses of the clients while remaining on the same subnet. This solution is not feasible as it would require changes to the clients' configuration and may cause disruption to existing services.

Option D suggests deploying a firewall in transparent mode between the clients and servers. Transparent mode is a Layer 2 firewall deployment where traffic flows through the firewall as if it were not there. This solution is not suitable in this scenario as it requires changes to the network topology, such as inserting the firewall between the clients and servers on the same network. This may cause disruption to existing services and is not a recommended practice.

In summary, the most appropriate solution for achieving network segmentation without changing the IP addressing scheme in this scenario is to deploy a firewall in routed mode between the clients and servers, as suggested in option B.