How to config allow client in DMZ access to some specific IP address in Local Network

Forum|Forum|6 years ago
March 9, 2020
1 reply
2872 views

Hello guys

I am trying to config allow client in DMZ access to some specific IP address in Local Network. But I still got stuck

Do you have any advise?

Thank you very much in advance

ShawnZA

New Member

The policy should be as simple as:

Incoming interface: Your DMZ interface

Outgoing Interface: Your internal Interface

Source: The IP of DMZ client

Destination: IP of destination server/s in LAN

Service: whatever ports will be used

Schedule: Always

Action: Accept

NAT: Depends if you need it switch on if not leave off.

Dave_Hall

New Member

Want to add if this is one client (in the DMZ) to use /32 (e.g. 192.168.3.1/32) - you can set the service to all (any) for full access (otherwise use the dest port and set source port to 0-65535) - dest IP should be also /32 unless you really wanted access to more than one IP. Make sure to move the firewall policy up in the firewall chain, above any general access rule(s), so it is triggered. Unless you are not aware, firewall policies are processed from top-to-bottom until a matching rule is found/executed.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded