The short answer is you would get the Router to route between the two VLANs, and fix it so that only the Payment devices have access to the internet.
If this was an on-prem system, that would work. But this is a cloud system, so both need access to the internet.
Actually that makes it make more sense. It's minimal value, but that doesn't mean zero. It will improve security and simplify audits if they are both SaaS connected devices like that. Not a big deal, but not bad, either.
So how would you make that work? Just using firewall rules, to let the 2 talk to pull transaction information?
If they talk only to the hosted apps, the intercommunications should be on the server, not the client. Is that not correct?
If you need devices on two different LANs (VLANs are just LANs without physical separation) then communication between them is always through a router, and routers are firewalls. So first you have to build a route, then block traffic, then allow the traffic that you want.
In a "normal" IT system, that would be the case, as I'm sure you know.
With POS, however, the PIN pads talk directly to the Register to pull that transaction data to the PIN pad; otherwise the PIN pad won't know how much to charge the credit card.
Then you need to connect the two VLANs, effectively defeating the purpose. It's not entirely defeated; it is still a secondary firewall, but only replicating the vastly more important local firewall.
ROFMAO - like the terminals have firewalls - HAHAHAHAHAHA
On this particular system (which I am the Admin for), Windows firewalls are required to stay on, for all 3 options, no matter what.