Create a separate network for POS systems
Create a separate network for POS systems
POS refers to the checkout area, not just the payment terminal. The terminal might be included in the POS or separate. In smaller shops it's usually not present and communicates via cellular or Wi-Fi networks (older models use landlines).
This looks promising. I wonder though if I really need all those firewall rules to make it actually work. Below is a quick view of them. configure set firewall group network-group PROTECT_NETWORKS set firewall group network-group PROTECT_NETWORKS description "Protected Networks" set firewall group network-group PROTECT_NETWORKS network 192.168.0.0/16 set firewall group network-group PROTECT_NETWORKS network 172.16.0.0/12 set firewall group network-group PROTECT_NETWORKS network 10.0.0.0/8 set firewall name BLOCK_IN set firewall name BLOCK_IN default-action accept set firewall name BLOCK_IN rule 10 action accept set firewall name BLOCK_IN rule 10 description "Accept Established/Related" set firewall name BLOCK_IN rule 10 protocol all set firewall name BLOCK_IN rule 10 state established enable set firewall name BLOCK_IN rule 10 state related enable set firewall name BLOCK_IN rule 20 action drop set firewall name BLOCK_IN rule 20 description "Drop PROTECT_NETWORKS" set firewall name BLOCK_IN rule 20 destination group network-group PROTECT_NETWORKS set firewall name BLOCK_IN rule 20 protocol all set firewall name BLOCK_LOCAL set firewall name BLOCK_LOCAL default-action drop set firewall name BLOCK_LOCAL rule 10 action accept set firewall name BLOCK_LOCAL rule 10 description "Accept DNS" set firewall name BLOCK_LOCAL rule 10 destination port 53 set firewall name BLOCK_LOCAL rule 10 protocol udp set firewall name BLOCK_LOCAL rule 20 action accept set firewall name BLOCK_LOCAL rule 20 description "Accept DHCP" set firewall name BLOCK_LOCAL rule 20 destination port 67 set firewall name BLOCK_LOCAL rule 20 protocol udp commit set interfaces ethernet eth1 firewall in name BLOCK_IN set interfaces ethernet eth1 firewall local name BLOCK_LOCAL commit save exit MAKE SURE TO CHANGE THE INTERFACES IN THE LAST TWO SET COMMANDS TO MATCH YOUR PHYSICAL INTERFACE OR VLAN!!!!!!!!!!!!!!!!!!
Advanced EdgeRouter firewall settings are typically configured via the command line. These scripts automate multiple tasks at once. However, you can still set up two separate LANs that connect to the same WAN using the visual interface. A built-in wizard assists throughout the process.