SETTING UP DMZ HELP UTM 9

Hi. I'm trying to set up a DMZ network, but it doesn't work. I was looking for a user manual about DMZ, but I did not find anything. Can somebody point me to where to look for instructions for setting up a DMZ?



  • Nikola,

    In UTM we don't use zones so you would configure this just like any other network starting with an interface. You would then use firewall policies to enforce access controls. Are you looking to put the DMZ on its own private network or do these hosts in the DMZ use public static IPs? This will make a difference in your configuration.

    Regards,

    Alan

  • We have our own pool of addresses, routed and provided by our ISP, and we want them on a separate NIC (which we already created as a new interface, provided address), so that they would reside on a separate network (VLAN or another switch) and any host attached could be assigned a public IP from that pool. Our config:

      NIC0: WAN IP: 217.x.x.213
      NIC1: Internal net: 192.168.x.1/24 (behind NAT)
      NIC2: DMZ net: 92.x.x.x/25

    What is the next step?

  • You will need to configure an interface bridge. Bridging two interfaces on the 92.x.x.x/25 network will allow one interface to go to the upstream router and the second interface to go to your switch, which your hosts/servers will reside on. You will then need to configure additional addresses for your public IP addresses being routed to you on the 92.x.x.x/25 that will be assigned to your servers. Then you would use firewall policies to allow the services to be passed to the hosted servers. You will not be required to configure a NAT with this type of configuration.

    -Alan
