As shown in the attachment, we have some OPC server machines connected to Network 1 (Plant Network).
We have placed a new PC which is connected to Network 1 as well as Network 2 (External Network).
This new PC takes data from Network 1 (through Kepware software) and dumps it into Network 2 (SQL Server).
My requirement is that no data other than the configured data should go out of or enter Network 1.
So we have planned to use a firewall switch. In case the firewall switch is configured in gateway mode, I should enter the default gateway address in the new PC.
But my doubts are:
1) Is it required to enter the default gateway address in all machines of Network 1 from which data is taken?
2) As only the new PC is communicating with both networks, is it sufficient to enter the default gateway address only in the new PC?
Expecting your valuable suggestions.
Voted best answer
There is no need for any default gateway in any of the existing nodes.
Only the new PC will need a default gateway or a static (persistent) route on Network 2 to be able to reach the SQL server on Network 2.
I suppose you could have the new PC <-> firewall network segment on a private IP network address, e.g. 192.168.1.0/255.255.255.0, and enable NAT and stateful packet inspection in the firewall. This is how most consumer firewall/access points work, i.e. just about "any" router hardware would work, even though I recommend staying off consumer hardware and going for industrial-grade hardware, e.g. a Westermo Lynx L20x.
The private network address/NAT adds extra protection since it is not possible for an outside application on Network 2 to pass telegrams from WAN to LAN; all communications must originate from the new PC on the "inside".
Stateful packet inspection adds extra protection. If the firewall supports VPN tunneling it would be even more secure.
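The two claims in the answer above (existing Network 1 nodes need no gateway because the new PC is on-link, and a NAT firewall with a connection table only ever passes replies to flows the new PC opened) can be checked with a small model. The following is an added example, not code from the thread or from any vendor product. Only the 192.168.1.0/24 firewall segment comes from the answer; Network 1 as 10.1.0.0/24, Network 2 as 172.16.5.0/24, the SQL server, the firewall addresses and the port numbers are constructed for the example.

```python
"""Route lookup and stateful NAT model for the dual-homed Kepware PC setup.

All addresses are constructed for this example; only 192.168.1.0/24 (the
new PC <-> firewall segment) is taken from the answer. Everything else is hypothetical.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PLANT_NET = ipaddress.ip_network("10.1.0.0/24")       # Network 1 (plant), hypothetical
FW_LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # new PC <-> firewall segment (from the answer)
OPC_SERVER_IP = ipaddress.ip_address("10.1.0.7")      # an existing OPC server, hypothetical
NEW_PC_PLANT_IP = ipaddress.ip_address("10.1.0.50")   # new PC, NIC on Network 1, hypothetical
NEW_PC_FW_IP = ipaddress.ip_address("192.168.1.10")   # new PC, NIC on the firewall segment, hypothetical
FW_LAN_IP = ipaddress.ip_address("192.168.1.1")       # firewall inside (LAN) address, hypothetical
FW_WAN_IP = ipaddress.ip_address("172.16.5.1")        # firewall address on Network 2, hypothetical
SQL_SERVER_IP = ipaddress.ip_address("172.16.5.20")   # SQL Server on Network 2, hypothetical
ATTACKER_IP = ipaddress.ip_address("172.16.5.99")     # some other Network 2 host, hypothetical


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    gateway: Optional[ipaddress.IPv4Address] = None   # None means the prefix is on-link


def lookup(routes: List[Route], dst: ipaddress.IPv4Address) -> Optional[Tuple[str, ipaddress.IPv4Address]]:
    """Longest-prefix match. Returns (interface, next hop) or None if the host cannot route there."""
    best = None
    for r in routes:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    if best is None:
        return None
    return best.iface, (best.gateway if best.gateway is not None else dst)


# An existing Network 1 node: a single on-link route and no default gateway at all.
OPC_ROUTES = [Route(PLANT_NET, "eth0")]

# The new PC: on-link routes for both NICs plus a default route via the firewall,
# on the Network 2 side only. A /24 persistent static route to Network 2 would do the same job.
NEW_PC_ROUTES = [
    Route(PLANT_NET, "nic_plant"),
    Route(FW_LAN_NET, "nic_fw"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "nic_fw", FW_LAN_IP),
]


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int


class StatefulNatFirewall:
    """Source NAT with a connection table: the only flows that exist are ones opened from the LAN side."""

    def __init__(self, lan_net: ipaddress.IPv4Network, wan_ip: ipaddress.IPv4Address):
        self.lan_net = lan_net
        self.wan_ip = wan_ip
        self.next_port = 40000
        # translated WAN source port -> (lan src, lan sport, remote dst, remote dport)
        self.table: Dict[int, Tuple[ipaddress.IPv4Address, int, ipaddress.IPv4Address, int]] = {}

    def lan_to_wan(self, pkt: Packet) -> Optional[Packet]:
        """Outbound: record the flow and rewrite the source to the firewall's WAN address."""
        if pkt.src not in self.lan_net:
            return None                                # not from the inside segment: drop
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        for port, entry in self.table.items():         # reuse an existing mapping for the same flow
            if entry == flow:
                return Packet(self.wan_ip, port, pkt.dst, pkt.dport)
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = flow
        return Packet(self.wan_ip, port, pkt.dst, pkt.dport)

    def wan_to_lan(self, pkt: Packet) -> Optional[Packet]:
        """Inbound: forward only if it is the reply to a flow in the table, otherwise drop."""
        if pkt.dst != self.wan_ip:
            return None
        entry = self.table.get(pkt.dport)
        if entry is None:
            return None                                # unsolicited: no inside host asked for this
        lan_src, lan_sport, remote, remote_port = entry
        if (pkt.src, pkt.sport) != (remote, remote_port):
            return None                                # known port but wrong peer: still drop
        return Packet(pkt.src, pkt.sport, lan_src, lan_sport)


if __name__ == "__main__":
    print("OPC server -> new PC:", lookup(OPC_ROUTES, NEW_PC_PLANT_IP))   # on-link, no gateway needed
    print("OPC server -> SQL   :", lookup(OPC_ROUTES, SQL_SERVER_IP))     # None: unroutable from Network 1
    print("new PC -> SQL       :", lookup(NEW_PC_ROUTES, SQL_SERVER_IP))  # via the firewall on nic_fw
    fw = StatefulNatFirewall(FW_LAN_NET, FW_WAN_IP)
    out = fw.lan_to_wan(Packet(NEW_PC_FW_IP, 51000, SQL_SERVER_IP, 1433))
    print("SQL reply delivered :", fw.wan_to_lan(Packet(SQL_SERVER_IP, 1433, FW_WAN_IP, out.sport)))
    print("unsolicited inbound :", fw.wan_to_lan(Packet(ATTACKER_IP, 4444, FW_WAN_IP, 40001)))
```

The model makes the routing point concrete: an OPC server's lookup for the new PC's plant-side address resolves on-link, while its lookup for the SQL server fails, which is exactly the isolation the question asks for. On the firewall side, the reply from the SQL server is forwarded only because the new PC opened that flow first; a packet from any other Network 2 host, or from the SQL server on a port the new PC never used, has no table entry and is dropped.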