SETTING UP DMZ HELP UTM 9

Hi. I'm trying to set up a DMZ network, but it doesn't work. I was looking for a user manual about DMZ, but I did not find anything. Can somebody point me where to look for instructions for setting up a DMZ?



  • Nikola,

    In UTM we don't use zones, so you would configure this just like any other network, starting with an interface. You would then use firewall policies to enforce access controls. Are you looking to put the DMZ on its own private network or do these hosts in the DMZ use public static IPs? This will make a difference in your configuration.

    Regards,

    Alan

  • We have our own pool of addresses, routed and provided by our ISP, and we want them on a separate NIC (which we already created as a new interface, with an address provided), so that they would reside on a separate network (VLAN or another switch) and any host attached could be assigned a public IP from that pool. Our config:

    NIC0: WAN IP: 217.x.x.213
    NIC1: Internal net: 192.168.x.1/24 (behind NAT)
    NIC2: DMZ net: 92.x.x.x/25

    What is the next step?

  • You will need to configure an interface bridge. Bridging two interfaces on the 92.x.x.x/25 network will allow one interface to go to the upstream router and the second interface to go to your switch, which your hosts/servers will reside on. You will then need to configure additional addresses for your public IP addresses being routed to you on the 92.x.x.x/25 that will be assigned to your servers. Then you would use firewall policies to allow the services to be passed to the hosted servers. You will not be required to configure a NAT with this type of configuration.

    -Alan

  • I will try that. Thank you very much, Alan.

  • Hi, Nikola, and welcome to the UTM Community!

    Another thought in addition to Alan's solution - If you have a subscription for and want to take advantage of Webserver Protection, you may want to make your DMZ into an RFC 1918 subnet (in 192.168.0.0/16 or 172.16.0.0/12) and configure your additional public IPs as Additional Addresses on your NIC0 interface.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We do not have a subscription for Webserver Protection =| Thanks anyway for trying to help.

  • Alan,

    We need a setup without bridging interfaces. We have one interface connected to the router and we want the DMZ to be able to have hosts with assigned public IP addresses.

    Communication between our DMZ and internal network is not required.

  • We solved the problem. We had additional addresses configured for this pool. We removed them, and the DMZ activated.
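The conflict behind the fix in the last post (additional addresses from the DMZ pool still bound to an interface while NIC2 carries that same network) can be checked for before a change is applied. The Python sketch below is an added example, not part of the thread or of any Sophos tooling. The dictionary layout, interface names and addresses are constructed (RFC 5737 documentation ranges stand in for the masked ones), and placing the leftover additional addresses on the WAN interface is an assumption, since the poster does not say where they were bound.

```python
import ipaddress

# Constructed sample config; layout is hypothetical, not a UTM export format.
INTERFACES = {
    "NIC0-WAN": {
        "address": "198.51.100.213/30",
        # Leftover additional addresses taken from the DMZ pool (assumed placement).
        "additional": ["203.0.113.10/32", "203.0.113.11/32"],
    },
    "NIC1-Internal": {"address": "192.168.10.1/24", "additional": []},
    "NIC2-DMZ": {"address": "203.0.113.1/25", "additional": []},
}


def find_conflicts(interfaces):
    """Return (owner, ip, other_interface, other_network) for every additional
    address that falls inside the connected network of a different interface."""
    nets = {
        name: ipaddress.ip_interface(cfg["address"]).network
        for name, cfg in interfaces.items()
    }
    conflicts = []
    for owner, cfg in interfaces.items():
        for extra in cfg["additional"]:
            ip = ipaddress.ip_interface(extra).ip
            for other, net in nets.items():
                if other != owner and ip in net:
                    conflicts.append((owner, str(ip), other, str(net)))
    return conflicts


def without_conflicts(interfaces):
    """Return a copy of the config with the conflicting additional addresses removed."""
    bad = {(owner, ip) for owner, ip, _, _ in find_conflicts(interfaces)}
    cleaned = {}
    for name, cfg in interfaces.items():
        keep = [
            a for a in cfg["additional"]
            if (name, str(ipaddress.ip_interface(a).ip)) not in bad
        ]
        cleaned[name] = {"address": cfg["address"], "additional": keep}
    return cleaned


if __name__ == "__main__":
    for owner, ip, other, net in find_conflicts(INTERFACES):
        print(f"{ip} on {owner} overlaps {net}, which is connected on {other}")
```
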
