
How to effectively Protect DMZ server with WAN Address?

Hi guys, I have some serious doubts with the following scenario which IS working:

On eth3 in DMZ I have a pool of public IPs on servers.

FW rule is from WAN > Any source networks and devices, Destination Zone > DMZ, Destination Networks > the Public IP on server, Services > Ports xxxx...

I do: Scan HTTP, Detect Zero-Day threats with Sandstorm, and Scan FTP for malware.

I also apply IPS (dmzpolicy) and obviously no masking. From your experiences, is this even close to enough in order to provide adequate protection? The problem is, it is a migration from another vendor and cannot be changed to DNATs at the moment.

Thanks!



This thread was automatically locked due to age.
  • I think it would further help if we knew the types of servers behind the firewall in the DMZ that you are trying to protect.

    As always, stay on top of update patches, implement a host-based firewall, log activity, and monitor access.

    No public facing or non-public facing system is secure. You can only actively monitor it to make sure it's working and being used as intended.

  • Agreed, and obviously there is no 100% security. The machines are Linux, and of course patched and IP hosted with specific ports. The intention was to make sure proper settings are done to mitigate possible threats. ;-)
