This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ on ASG-interface

Hello everyone
I want to set up a DMZ on a physical interface of my UTM.

Therefore I configured a /24 IP range on that interface. The port is connected to a top-of-rack switch where the port has a port-based VLAN.

This VLAN is tagged to the trunk-interfaces so it can be deployed on ports elsewhere (e.g. in the second datacenter).
See attached graphic.

I just want to check some basics:

First of all I was able to ping the UTM-DMZ address from a client network, even though no firewall rule was defined yet to allow traffic from LAN to DMZ.
Why?

Second:
I wouldn't need a gateway or static route right? All DMZ-servers would have an address in the DMZ-interface-network and everything would work w/o any internal routing right? (So traffic for 10.1.0.x would always leave via the DMZ-interface)

All very basic stuff but today I wasn't able to ping the ASG interface from a client on the VLAN 2 on the core switch (but maybe a core-switch issue I guess [:(])

Best regards

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi,

FWIW, you could do VLAN trunking to the UTM, and then you'd only need to use one interface on the UTM, and could get rid of the 1st switch.

Your config may be faster though, IF the link between the 2 switches is > 1gb/s.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi,

FWIW, you could do VLAN trunking to the UTM, and then you'd only need to use one interface on the UTM, and could get rid of the 1st switch.

Your config may be faster though, IF the link between the 2 switches is > 1gb/s.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data