This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ on ASG-interface

Hello everyone
I want to set up a DMZ on a physical interface of my UTM.

Therefore I configured a /24 IP range on that interface. The port is connected to a top-of-rack switch where the port has a port-based VLAN.

This VLAN is tagged to the trunk-interfaces so it can be deployed on ports elsewhere (e.g. in the second datacenter).
See attached graphic.

I just want to check some basics:

First of all I was able to ping the UTM-DMZ address from a client network, even though no firewall rule was defined yet to allow traffic from LAN to DMZ.
Why?

Second:
I wouldn't need a gateway or static route right? All DMZ-servers would have an address in the DMZ-interface-network and everything would work w/o any internal routing right? (So traffic for 10.1.0.x would always leave via the DMZ-interface)

All very basic stuff but today I wasn't able to ping the ASG interface from a client on the VLAN 2 on the core switch (but maybe a core-switch issue I guess [:(])

Best regards

This thread was automatically locked due to age.

Parents

0 apijnappels over 11 years ago

pinging the gateway is configured under the ICMP tab. If it is allowed there, then your UTM will always respond.
Your DMZ-hosts should also have a default-gw is traffic to internet is required, usually they will point to UTM interface. Also masquerading rule is required to be able to use internet.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 apijnappels over 11 years ago

pinging the gateway is configured under the ICMP tab. If it is allowed there, then your UTM will always respond.
Your DMZ-hosts should also have a default-gw is traffic to internet is required, usually they will point to UTM interface. Also masquerading rule is required to be able to use internet.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data