Help in setting DMZ with unusual condition

I have a rather unusual condition that I need help with.

Due to some fancy routing by our ISP, the WAN interface on our XG is actually configured with a fake IP.  Our real IPs (183.123.138.0/27) are configured on the LAN interface.  In this case, port 1 is LAN and port 2 is WAN.  So when we get connections on our public IP, our ISP statically routes them to our LAN.

We need to publish a server completely on the DMZ with the IP address 183.123.138.14.  I thought about setting up a transparent subnet gateway but it doesn't look like it will work in this case.  I haven't had the Sophos long so I definitely need help.

Anybody see how this configuration should go?



  • Here's a diagram of the relevant parts of the network.

     

     

    Now there are two ways I can see this configuration going:

    1. Bridge ports 1 (LAN) and 3 (DMZ) together and connect the server to port 3. While this may work, I can already see potential security problems with this configuration.
    2. Forget about assigning a public IP on the server and instead assign it to another port on the XG. Create a firewall entry to route all ports to the internal DMZ server.

    Am I getting close?
