Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 1597 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network definition for Internet traffic

DrStein
With 3 NICs (Internal, DMZ and Internet), What network definnition must I use or create to identify the Internet traffic source?
I want to avoid the use of 'any'.


This thread was automatically locked due to age.
Parents
  • 0
    You have to use ANY. If you want to prevent your DMZ from connected to your internal network (recommended) you need 3 rules.

    Source------------Dest----------service--------action
    Internal(net)-----Any-----------Any-----------Allow
    DMZ(net)---------Internal(net)-Any-----------Drop
    DMZ(net)---------Any-----------Any------------Allow
  • 0 in reply to JimmyM
    OK, but in NAT rules?
  • 0 in reply to DrStein
    The only NAT rule you will need is a masquerade rule, if you are using private numbers (172..., 192.168..., 10...)  for your internal networks.

    If you use the HTTP proxy, you don't even need rules! (There are pros and cons to using the proxy, that will be determined by your particular requirements).

    You can also elect to tighten up the Internal Any Any rule above to just the services you need to have go out...
Reply
  • 0 in reply to DrStein
    The only NAT rule you will need is a masquerade rule, if you are using private numbers (172..., 192.168..., 10...)  for your internal networks.

    If you use the HTTP proxy, you don't even need rules! (There are pros and cons to using the proxy, that will be determined by your particular requirements).

    You can also elect to tighten up the Internal Any Any rule above to just the services you need to have go out...
Children