Can you make a server connects 2 x WAN router NOT on the internet?

[Happy Hopping]

say I have a Cisco RV series router, that c/w 2 x WAN. Can I connect the server to 1 of the WAN, have the internet cable modem connects to the other WAN, and let the users access the server and users going to the internet, and yet prevent people outside to access to the server?

In other words, is there a way to block all traffic on a router level on the server?

the server is a file back up server, they want people to drag and drop files to the server for backup, but they don't want hacker to go thru the internet to the server

anyone?

 

[Zepher]

Well, the only way to keep a hacker out is to not be on the internet at all.
Let's say you isolate that backup server so the hacker can't get directly to it, all he would have to do is hack one of the client machines and then he can access the backup server.

 

[Happy Hopping]

No, the client PC are turn off after 4 pm, they are trying to prevent as much as possible, from 4 pm to 8 am the next morning

How do I isolate that backup server?

 

[Eulogy]

Why are you connecting the file server to the WAN?

If the server is just hitting a router, then the WAN without a UTM or firewall, you're just begging to be hacked.

 

[Happy Hopping]

then what you do to make it off from the internet?

I thought the WAN is protected by the firewall w/i the router box

 

[Eickst]

The two wan ports are for two separate internet connections. Not for internal computers/devices. It's meant for load balancing or continuity if one of your ISPs is down.

The RV series has firewall and vpn features built in. Not sure how thorough they are but I do believe Cisco offers subscription stuff for them depending on the model.

*also, turning your PCs off at night to prevent being hacked is one of the worst security myths out there. If anything it makes you more likely to be hacked since you aren't applying updates on a regular basis at night when users are away. How many users are going to install updates at 8:01am after their pc turns on and they have a report to finish?

 

[/usr/sbin]

if you don't want the server publicly accessible why not just drop all packets that come from outside you LAN scope? Also, if you are using NAT and nothing is forwarded no one will be able to reach the server from the WAN anyways.

 

[sethiano]

Well, the only way to keep a hacker out is to not be on the internet at all....

^ this

 

[Happy Hopping]

if you don't want the server publicly accessible why not just drop all packets that come from outside you LAN scope? Also, if you are using NAT and nothing is forwarded no one will be able to reach the server from the WAN anyways.

Naturally they are using NAT. I'll try your trick and see how it goes, thanks