This study examines how to block unauthorized access while keeping services available in an enterprise network. The approach combines Access Control Lists (ACLs), which are allow/deny rules on routers, with Policy-Based Routing (PBR), which steers specific traffic without changing the main routing setup. The object of study is a lab simulation with four easy-to-understand parts: a central network (head office), an applications/services network, a provider/carrier network, and an external network (internet/partners). The method evaluates three scenarios (baseline, ACL, and ACL + PBR) in a virtual environment using straightforward measurements (ping, traceroute, and rule/route activity logs). Results show the internal subnet is closed in both directions as required; the legitimate path from the central network to the services network remains available and balanced via the provider network; there is no route leakage from the external network to unauthorized areas; and PBR successfully guides specific flows without disrupting the primary path. In conclusion, combining ACL + PBR effectively strengthens security while maintaining service availability, and the setup can serve as a practical guide for multi-domain enterprise networks.
Copyright © 2025