This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Creating unprotected DMZ segment

I'm looking to create a completly unprotected, unscanned network segement off of UTM and still be able to protect the internal network, I've gone thru and removed and created exemptions where I could find. However I think I'm still missing some as there are some things that still get blocked. I also need to make sure that they cannot route themselves thru the UTM and talk to the internal network. Anyone have thoughts on what I would need to do?

This thread was automatically locked due to age.

0 FrankBarmentlo over 11 years ago

I am just wondering why you want to do this.. any particular reason?
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 11 years ago

1. separate network space for the DMZ

2. Masquerading rule DMZ->WAN Address

3. Packetfilter rule at TOP of rules: DMZ->LAN DROP

4. Packetfilter rule (below above rule): DMZ->Internet Allow

5. Do NOT set the http proxy (Web Protection) to listen to the DMZ

6. create IPS & portscan / flood exceptions to/from DMZ if desired

Frank, I do things like this when I need to do a pentest (of another network).

Barry
Cancel
Vote Up 0 Vote Down

Cancel