DMZ Configuration

Author
gohgss
2019/10/29 18:56:41 (permalink)

DMZ Configuration

Hello,

Is there anyone who can share the DMZ setup on a FortiGate (201E)?
Do I need to trunk the interface port and create a VLAN for this at the switch?

Appreciate your reply for this.
#1


    ede_pfau
    Re: DMZ Configuration 2019/10/30 03:28:55 (permalink)
    DMZ is a LAN segment like any other, with one exception: "regard the DMZ as hacked".
    That is, no policies from DMZ to LAN!
    For instance, if you need to synchronize data between a server on your LAN and a server in DMZ, you do not pull the data from the DMZ server. Instead, you push data from LAN to DMZ (with appropriate policy).
     
    Whether you create a DMZ on a physical or a virtual port doesn't matter.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
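One way to check a policy export against the rule stated in the reply above (no accept policies from DMZ to LAN), as an added example that is not part of the thread. The interface names and the sample config are constructed, and a policy with no `set action` line is treated as deny.

```python
import shlex

# Constructed sample in FortiOS "config firewall policy" syntax; the interface
# names "lan", "dmz" and "wan1" are assumptions, not values from the thread.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "dmz"
        set action accept
    next
    edit 2
        set srcintf "dmz"
        set dstintf "lan"
        set action accept
    next
    edit 3
        set srcintf "dmz"
        set dstintf "lan" "wan1"
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for each edit/next entry."""
    policies, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["edit"]:
            current = policies.setdefault(int(tokens[1]), {})
        elif tokens[:1] == ["next"]:
            current = None
        elif tokens[:1] == ["set"] and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
    return policies

def dmz_to_lan_accepts(text, dmz=("dmz",), lan=("lan",)):
    """IDs of enabled accept policies going from a DMZ to a LAN interface."""
    hits = []
    for pid, p in sorted(parse_policies(text).items()):
        accept = p.get("action", ["deny"]) == ["accept"]  # no action line: deny
        enabled = p.get("status", ["enable"]) == ["enable"]
        from_dmz = set(p.get("srcintf", [])) & set(dmz)
        to_lan = set(p.get("dstintf", [])) & set(lan)
        if accept and enabled and from_dmz and to_lan:
            hits.append(pid)
    return hits

if __name__ == "__main__":
    print("DMZ -> LAN accept policies:", dmz_to_lan_accepts(SAMPLE_CONFIG))
```

Policy 1 (the LAN-to-DMZ push) passes, policy 2 is reported, and policy 3 is ignored because it has no accept action.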
    gohgss
    Re: DMZ Configuration 2019/10/30 04:20:50 (permalink)
    I have configured it as an access port on the switch that connects to the FW interface.

    Just trying to find out the best practice for DMZ configuration.
    #3
    CHR57
    Re: DMZ Configuration 2019/10/30 07:15:27 (permalink)
    If you have, like, a web server on the DMZ that acts as a front end and then redirects external traffic to an internal site, you have to have DMZ to LAN. Hard to get real-time data pushed to the DMZ.
     
    Right?
     
    #4
    ede_pfau
    Re: DMZ Configuration 2019/11/03 07:18:23 (permalink)
    @CHR57
    I stated the 'ideal' situation for a DMZ. In your case you might be able to process the data in the DMZ, with data coming in from the LAN. YMMV and often the strict uni-directional layout has to be broken in reality.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #5
    Vishalv16
    Re: DMZ Configuration 2019/11/04 06:06:45 (permalink)
    I have set up the DMZ in my company directly on a firewall port with a totally different IP range (you can connect a switch to it and use as many systems as you like).
    This way it will be separate from your local network.
    Make the necessary policies as required.

    Note: we have mapped the DMZ local IP to a public IP; also, only a few IPs from the IT team have been given access to the DMZ local IP.

    Regards
    Vishal
    #6