Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 1439 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ documentation

dclab
Newbie eval user here.  Doing my initial setup, and have gone thru the manual.  The only mention of DMZ really is in the introduction.  Is there any write-up on properly setting up a DMZ?  I'm going by the assumption from other firewalls that I'd be setting up a third interface.  Please advise.


This thread was automatically locked due to age.
Parents
  • 0
    Yes, use a third interface.
    Add rules to ALLOW the DMZ to make connections to the INT network if applicable.

    Add a rule to logdrop all (other) traffic from DMZ to the INT network.

    Add rules to ALLOW the DMZ to make connections to the internet if applicable.

    (Theory should be same as any other firewall)

    Barry
  • 0 in reply to BarryG
    Thanks for responding.
    For the third interface do I make it a standard ethernet interface?  It's requiring an ip address which is something I'm not used to.  Previous firewalls didn't require the interface to have an address.  My DMZ port would be connected to a switch which houses the DMZ machines.  
    thx.
  • 0 in reply to dclab
    Yes, standard interface, and you'll need to create a subnet for the DMZ.

    If you are using private IPs for your internal network, simply create a new subnet for the DMZ.

    Barry
  • 0 in reply to dclab
    If you haven't already, try reading the manual and guides at  docs.astaro.org.

    You don't HAVE to setup a DMZ network if you don't want to... you can always forward stuff into your LAN.
    DMZ is much more secure though.

    Barry
Reply Children
Cookie Information Banner