s_hcl

Development Support Finance
PC 192.168.2.1 PC 192.168.3.1 PC 192.168.4.1
| | |
| SERVER 192.168.1.1 |
| Windows 2003 AD server
| |
| | |
| | |
| | |
| | |
|_____________________Layer 3 SWITCH____________________|
| |With InterVlan |
| | |
| Firewall Device With VPN module |
| | |
MAIL SERVER | |
Internet ANTIVIRUS
SERVER



PROSPOSED NETWORK

Presently we have a workgroup environment with 25 systems on win2k proff and win xp proff.A Linux firewall is setup for interent access with Iptables and nating.
Hence all the users have internet access.Some policy changes are needed and I want do a setup with the following groups and the security features needed are as below.

Groups

Research
Development
Support
Mktg
Finance

1)No group should be able to access the resources of each other ,except the users in its respective group.

2)Internet access only for support and mktg.
3)Other groups to have mail access only ,but no internet access(How should i go about this ,was thinking of installing Mdaemon mail server OR Can I go in for a firewall which has the capapbilty of creating groups which will only allow pop3 and smtp ports for a particular group)

4)Each group will probably have its own file server
5)A person from one group may have permission to access resources of other groups(if such an option is possible)

OR


Windows 2003 Active directory parent domain (tech.com )in the 192.168.1.0 network.

Pcs are in the group as shown above.

If a Vlan is created to sepearte the groups in diff Netwroks say 192.168.2.0 ;3.0;4.0.....

Is it possible for me to create a Additional domain controller or a child domain to the tech.com network or can i create just one domain (tech.com) and can the users from subnet 192.168.2.0 be an user of that domain.

Kindly let me know.


I have attached 2 files

Attached Images

	diag1.jpg (48.0 KB, 2 views)
	diag.jpg (91.5 KB, 4 views)