Hi guys,
I have some serious doubts with the following scenario which IS working:
On eth3 in DMZ I have a pool of public IPs on servers.
FW rule is from WAN > Any source networks and devices, Destination Zone > DMZ, Destination Networks > the Public IP on server, Services > Ports xxxx...
I do: Scan Http, Detect Zero-Day threats with sandstorm, and Scan FTP for malware.
I also apply IPS (dmzpolicy) and obviously no masking.
From your experiences, if this even close to enough in order to provide adequate protection?
An alternative would be a DNAT to a private address in the DMZ or WAF, but it’s not possible at the moment since its a migration from other another vendor and a huge change for the client.
Thanks!
This thread was automatically locked due to age.