You can prevent primary router clients from getting to secondary clients. You wouldn't protect primary from secondary IF the secondary knows the IP address.goals
Is this possible? Can I restrict primary LAN access to all secondary clients via different subnet or will I need firewall rules as well?
- isolate secondary router clients from primary router LAN access.
- Using internet access from primary LAN connection.
If the "purpose" of the primary router is to provide connectivity, then it should be capable of providing you with a VLAN which will isolate your traffic to only your hardware and the internet. What do your terms of service with the provider say?Thanks for your input.
To further explain:
The Primary Router is not owned nor controlled by "us" but is the property of our Corporate Customer.
The Secondary Router(owned by we, the vendor) has attached "our" clients that provide a proprietary service to their corporate process.
The Primary(Corporate Customers router) sole purpose is to provide internet service to the Secondary router.
Therefore, we(the vendor/secondary router) are concerned with security for both parties.
We are also implementing a VPN between the Secondary router and internet connections
In this configuration, you have nothing to worry about because just like any other wan connection coming into your router, all packets not intended for your network will be discarded--doesn't matter if it is coming from the Primary Router's LAN or the Internet--as far as the secondary router is concerned, both are the same and generally discarded.To further explain:
The Primary Router is not owned nor controlled by "us" but is the property of our Corporate Customer.
The Secondary Router(owned by we, the vendor) has attached "our" clients that provide a proprietary service to their corporate process.
The Primary(Corporate Customers router) sole purpose is to provide internet service to the Secondary router.