Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 26 subscribers
  • Views 19654 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple DMZs

B.R.O.

Does it matter how many DMZ zones you have on the firewall?



This thread was automatically locked due to age.
Parents
  • 0

    BRO,

    can you explain better your question?

    Thanks

  • 0 in reply to lferrara

    It seems like most people configure 1 DMZ for their network but I can configured 5 DMZs and thought I better verify whether that was a good or bad idea.

    I already have 1 dmz already configured, then I have two layer 3 Routers that need to go into a dmz zone and configured 2 more dmz interfaces for the HA failover Active\Passive Failover.

    Port 3 DMZ -Dr's Office   172.x.x.1\24

    Port 5 DMZ MEDVPN Router 10.10.10.1\24 (connect router directly into port)

    Port 6 DMZ R2 - Router to Datacenter 10.10.20.1\24 (connect router directly into port)

    Port 7 DMZ Peer HA link 172.1.1.1\24

    Port 8 DMZ HA - Dedicated HA Link Port 10.10.2.41\24

     

    My spare switch is a HP 1810-24G.  The firewall rules will be completely different for the 2 routers and it might be easier to separate them.  What do you think?

  • 0 in reply to B.R.O.

    I do not understand the difference between port 7 and 8.

    IF you want to create different zone, create additional LAN zone (or DMZ) and add the physical port as your needs. On those zones, do not enable services that you do not need (under Administration > Device Access).

    Pay attention when you create firewall rules. Use the proper zone and source/destination networks.

    Regards

Reply
  • 0 in reply to B.R.O.

    I do not understand the difference between port 7 and 8.

    IF you want to create different zone, create additional LAN zone (or DMZ) and add the physical port as your needs. On those zones, do not enable services that you do not need (under Administration > Device Access).

    Pay attention when you create firewall rules. Use the proper zone and source/destination networks.

    Regards

Children