Block other pfsenses on my network
-
Hi. I have a network.
The network infrastructure is in my hands, but the servers are owned by other people who may do malicious work and set up another firewall and try to create new rules on the network that violate the rules of this original firewall. To prevent this, I intend to make sure that only the main firewall works on the network and no other firewall can set rules on the network.
What's your solution? -
????
Firewalls don't set rules for other firewalls. They can only be configured for what they pass or block. What you're asking for is like changing your door lock, so that someone else's door lock doesn't affect yours.
-
@jknott
My solution is to walk around physically inspecting every machine on the network. If you find an unauthorized firewall, unplug it and smash it with a brick. If another one shows up in its place, do the same thing but use a bigger brick. -
@pflover said in Block other pfsenses on my network:
set up another firewall and try to create new rules on the network that violate the rules of this original firewall
How should they do this?
If you manage the main firewall and this one is installed in a central place in your network, you can control the whole traffic from the servers to other network segments and the internet as well as the whole downstream traffic to the servers.
If the servers should also be prohibited from talking with each other, you have to segment your network. To take it to extremes, you can connect all the servers to a managed switch and put each one in a separate VLAN, which you control on the main firewall. So you can control the whole traffic in and out on each VLAN, i.e. each unique server, and you're absolutely safe when you configure it properly. -
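An added example, not part of any post in this thread: a simplified first-match model of per-interface firewall rules that checks whether the one-VLAN-per-server layout described above actually keeps the servers from reaching each other. The VLAN names, addresses and rules are constructed, and the model assumes top-down, first-match evaluation on the ingress interface with an implicit deny.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: one VLAN per tenant server.
SERVERS = {
    "vlan10": "10.0.10.2",
    "vlan20": "10.0.20.2",
    "vlan30": "10.0.30.2",
}
SERVER_NETS = ip_network("10.0.0.0/16")  # hypothetical supernet of all server VLANs
ANY = ip_network("0.0.0.0/0")

# Rules per ingress interface as (action, source, destination),
# evaluated top-down, first match wins (simplified model).
RULES = {
    "vlan10": [("block", ANY, SERVER_NETS), ("pass", ANY, ANY)],
    "vlan20": [("block", ANY, SERVER_NETS), ("pass", ANY, ANY)],
    # Ordering mistake: the broad pass rule shadows the block rule below it.
    "vlan30": [("pass", ANY, ANY), ("block", ANY, SERVER_NETS)],
}

def decide(rules, iface, src, dst):
    """Return 'pass' or 'block' for a packet entering the firewall on iface."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules.get(iface, []):
        if s in src_net and d in dst_net:
            return action
    return "block"  # implicit default deny, also for interfaces with no rules

def isolation_leaks(rules, servers):
    """List (from_vlan, to_vlan) pairs where server-to-server traffic passes."""
    leaks = []
    for a, a_ip in servers.items():
        for b, b_ip in servers.items():
            if a != b and decide(rules, a, a_ip, b_ip) == "pass":
                leaks.append((a, b))
    return leaks

if __name__ == "__main__":
    for a, b in isolation_leaks(RULES, SERVERS):
        print(f"LEAK: {a} can reach {b}")
    print("vlan10 to internet:", decide(RULES, "vlan10", "10.0.10.2", "8.8.8.8"))
```

Because each server sits alone in its VLAN, every server-to-server packet has to cross the firewall, so a check like this over the rule table covers all inter-server paths.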
Mmm, where exactly are these 'extra firewalls'? Like a software firewall on the server(s)?