This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ Segment can access Internal web services

Hi

We have several zones.

Internal 192.168.10.0/24
Wifi 172.10.10.0/24
Guest Wifi 172.20.10.0/24
DMZ 10.0.0.0/24

Our problem is this.

When connected to the wifi,guest wifi and DMZ we can access any web service running on any server within the internal lan.

there are no auto or user created firewall rules which allows this.

i have tried creating a block rule in place.

Source DMZ,Wifi,Guest Wifi
Service Any
Destination Internal
Action: tried both block and reject.

Any Ideas ?

This thread was automatically locked due to age.

Parents

0 EricS over 10 years ago

Wanted to provide an update since I ran into the same problem but the fix was different.

You need to add the internal network to the transparent destination host skiplist, then that will not be proxied by the UTM and then the DMZ network will not be able to get to the internal websites
That is under Web Protection | Filtering Options | Misc
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 EricS over 10 years ago

Wanted to provide an update since I ran into the same problem but the fix was different.

You need to add the internal network to the transparent destination host skiplist, then that will not be proxied by the UTM and then the DMZ network will not be able to get to the internal websites
That is under Web Protection | Filtering Options | Misc
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data