Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 26 subscribers
  • Views 3095 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to effectively Protect DMZ server with WAN Address?

@wajdiaa

Hi guys, I have some serious doubts with the following scenario which IS working:

On eth3 in DMZ I have a pool of public IPs on servers.

FW rule is from WAN > Any source networks and devices, Destination Zone > DMZ, Destination Networks > the Public IP on server, Services > Ports xxxx...

I do: Scan Http, Detect Zero-Day threats with sandstorm, and Scan FTP for malware.

I also apply IPS (dmzpolicy) and obviously no masking. From your experiences, if this even close to enough in order to provide adequate protection? The problem is, it is a migration form another vendor and cannot be changed to DNATs at the moment.

Thanks!



This thread was automatically locked due to age.
Parents
  • 0

    I think it would further help if we knew the types of servers behind the firewall in the DMZ that you are trying to protect?

     

    As always, stay on top of update patches, implement host-based firewall, log activity, and monitor access.

     

    No public facing or non-public facing system is secure. You can only actively monitor it to make sure it's working and being used as intended.

Reply
  • 0

    I think it would further help if we knew the types of servers behind the firewall in the DMZ that you are trying to protect?

     

    As always, stay on top of update patches, implement host-based firewall, log activity, and monitor access.

     

    No public facing or non-public facing system is secure. You can only actively monitor it to make sure it's working and being used as intended.

Children