Hi, I'm not an idiot, but I am a little confused. It could also be translation errors, as they're not native English speakers, but let me try to write down what I've been told. We have a dedicated firewall/network server (CentOS-based) running the network. Lax rules, no restrictions on devices that people add to it (like personal routers/hubs), as long as it doesn't impact the service for anyone else in the office. HQ has sent down a ruling that we have to create a new secure network within the office so we can transfer some high-level services to our branch. The IT guys have assured me that we are not adding new cabling, and are just adding a new switch. That, and some "basic edits" will somehow create a new secure network. The new network will only have internal access, with no access to the real world and vice versa. Allocated machines will be able to access it, but then they will function normally as they're just workstations. All of this will be done without having to swap and plug any other cables in as the situation requires. I don't get it. It sounds like they are adding a new subnet with some highly-tuned iptable rules, but it's all sharing insecure hardware anyway. It'd all be IPv4, too, and no IPv6. What could I be missing?