Network_Engineer
Visitor III
April 24, 2022
Solved

DMZ

  • 2 replies
  • 2585 views

I am supposed to connect a piece of equipment to the DMZ region.

What am I supposed to configure on the interface going to the DMZ?

How does the firewall know what to authorise to go into the LAN and what to reject?

Best answer by seshuganesh

2 replies

akristof
Staff
April 25, 2022

Hi,

Thank you for your question. Treat the DMZ port like any other interface. Configure an IP address on the interface, enable a DHCP server or DHCP relay if needed, and that's it. Then you need firewall policies to allow traffic between the DMZ and the other interfaces of the FortiGate. There you can allow or block traffic, etc. So, based on the firewall policies, the firewall knows whether traffic is allowed or not.

seshuganesh
Staff
April 25, 2022

Hi Team,

Here is your scenario:

seshuganesh_0-1650868087148.png

As my colleague mentioned, you first need to configure an IP address on the DMZ interface. You can follow this article for the same:

https://help.fortinet.com/fweb/540/Content/FortiWeb/fortiweb-admin/network_settings.htm

Once you define the interface, make sure the machines in the DMZ equipment are in the same subnet.

Now, if you want to give access to LAN machines from the DMZ, there should be a firewall rule from DMZ to LAN.

If you want to give access to the DMZ from the LAN, there should be a firewall rule from LAN to DMZ.

You can see this article for creating firewall policy:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/554066/firewall-policies

Please check and keep us posted.
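
The steps described in the replies above, as an added FortiOS CLI example that is not part of the original thread: one static IP on the DMZ interface, then one narrowly scoped policy in each direction. The interface names (`dmz`, `internal`), address object names, IP addresses and chosen services are all constructed assumptions, and the `#` lines are annotations for the reader.

```fortios
# Constructed example: interface names, addresses and services are assumptions.
config system interface
    edit "dmz"
        set mode static
        set ip 10.10.10.1 255.255.255.0
        # Management access on the DMZ side limited to ping
        set allowaccess ping
    next
end
config firewall address
    # Hypothetical DMZ server, inside the DMZ interface subnet
    edit "dmz-web01"
        set associated-interface "dmz"
        set subnet 10.10.10.10 255.255.255.255
    next
    # Hypothetical LAN DNS server the DMZ host is allowed to query
    edit "lan-dns01"
        set associated-interface "internal"
        set subnet 192.168.1.53 255.255.255.255
    next
end
config firewall policy
    # LAN -> DMZ: LAN clients may reach the DMZ server over HTTPS only
    edit 0
        set name "LAN-to-DMZ-web"
        set srcintf "internal"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "dmz-web01"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
    # DMZ -> LAN: one source host, one destination host, one service
    edit 0
        set name "DMZ-to-LAN-dns"
        set srcintf "dmz"
        set dstintf "internal"
        set srcaddr "dmz-web01"
        set dstaddr "lan-dns01"
        set action accept
        set schedule "always"
        set service "DNS"
        set logtraffic all
    next
end
```

Traffic between the two interfaces that matches neither policy falls through to the implicit deny at the end of the policy list, which is how the firewall rejects everything that was not explicitly authorised.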