
Configuring a DMZ

Hi,

I want to put a server into the predefined DMZ and have split my LAN network into two subnets: x.x.x.0/25 for LAN and x.x.x.128/25 for DMZ. I put a still unbound Port in the DMZ and assigned IP x.x.x.129/25 to it. Then I added a DHCP server for this interface with lease IP range x.x.x.200 - x.x.x.254. When I connect a device (e.g. a Pi) to the DMZ Port it receives the first available IP from DHCP. This is visible under Configure, Network, DHCP. From the Device Console I can ping the Dynamic IP.

But no matter what user/network or business firewall rule I put in place, I cannot reach the device. Not even by ping, let alone SSH.

Can someone explain to me how to access the DMZ devices from LAN? What rules are needed? I did put in a general LAN to DMZ Network rule (Any host, Any service). What am I overlooking?

Thank you.

  • FormerMember

    Hi 

    Thank you for reaching out to the Community! 

    Could you please post screenshots of the LAN/DMZ interface, DHCP server configuration for both interfaces, and firewall rule?  

    You could also run a packet capture on destination IP to determine if the firewall is blocking this traffic. Check out the following KBA for more info: Sophos XG Firewall: How to filter packets using packet capture.

    Thanks,

  • Thank you H_Patel for your effort to help out.

    Actually I thought I had deleted this post yesterday. Well, anyway, I tried to do so because I found a solution. Introducing a whole new network for the DMZ did the trick. It suddenly worked after that.

    Could it be that splitting the network into two subnets while it was in use messed up the routing tables? I think it was a routing problem that I encountered.

    Kind regards.

  • FormerMember in reply to DunRon

    Hi  

    Thank you for the update. 

    Overlapping subnets on two different interfaces could be the problem in your case. To avoid routing issues, we recommend you ensure that the network does not overlap with any other interface on the firewall.

    Thanks,
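
A quick way to check for the overlap described in the reply above, as an added example that is not part of the thread or of Sophos' own tooling. It models the firewall's connected subnets with Python's standard `ipaddress` module and also shows why a LAN host whose mask was never narrowed from /24 to /25 would treat a DMZ address as on-link instead of sending it to the firewall; the 192.0.2.0/24 documentation range stands in for the poster's x.x.x.0/24, which is not given.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed interface tables (RFC 5737 documentation addresses stand in for x.x.x.0/24).
INTENDED = {
    "LAN": "192.0.2.1/25",    # x.x.x.0/25, as the poster intended
    "DMZ": "192.0.2.129/25",  # x.x.x.128/25 with the firewall at .129
}
MISCONFIGURED = {
    "LAN": "192.0.2.1/24",    # LAN mask never narrowed: still covers the DMZ half
    "DMZ": "192.0.2.129/25",
}


def find_overlaps(interfaces: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every pair of interfaces whose connected subnets overlap.

    A firewall cannot route cleanly between two interfaces that both claim
    the same address space, which is the condition the reply warns about.
    """
    nets = {name: ipaddress.ip_interface(cidr).network for name, cidr in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def is_on_link(host_cidr: str, dst: str) -> bool:
    """True if a host with this address/mask would ARP for dst directly
    rather than forwarding it to its default gateway (the firewall)."""
    host = ipaddress.ip_interface(host_cidr)
    return ipaddress.ip_address(dst) in host.network


if __name__ == "__main__":
    dmz_device = "192.0.2.200"  # first lease in the DMZ DHCP range .200-.254
    for label, table in (("intended", INTENDED), ("misconfigured", MISCONFIGURED)):
        print(f"{label}: overlapping interfaces = {find_overlaps(table)}")
    # A LAN client that kept its old /24 mask never hands DMZ traffic to the firewall.
    for client in ("192.0.2.10/25", "192.0.2.10/24"):
        print(f"client {client} treats {dmz_device} as on-link: {is_on_link(client, dmz_device)}")
```

Run it against your own interface list; any pair reported by `find_overlaps` is a candidate cause before any LAN-to-DMZ firewall rule is even evaluated.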

