renanrdrigues
Explorer
August 1, 2025
Question

Questions about creating a DMZ


I need to place some cloud servers inside a DMZ;


The topology is 2 FortiGates in different locations;


each unit has 2 ISPs;


The question is, do I need to create 1 DMZ for each ISP?

How would I make this DMZ to use the 4 ISPs?

2 replies

sjoshi
Staff
August 2, 2025

Hi,

 

On FGT, if you want to have a DMZ, you can set up a Virtual IP and enable port forwarding.

Can you brief me more on your requirement? Do you have an internal server that is behind the FGT and needs to be accessed from outside using a public IP?

https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/361386/protecting-a-web-server-with-dmz

Thanks, Salon
khotanbo1
New Member
August 2, 2025

You shouldn't just chuck web servers into a DMZ if you want them externally accessible. You should only allow specific ports for the web servers. If IPv4, then NAT port forward the web ports to an nginx reverse proxy on the web server, or use HAProxy to direct the traffic accordingly. You should put the web servers in an isolated VLAN and only allow the ports necessary to other devices on other VLANs as required.
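
The approach from the replies above (a Virtual IP with port forwarding for one web port, the server in an isolated VLAN, and only the required port allowed toward another VLAN), sketched as FortiOS CLI. This is an added example, not configuration from any poster or from the linked cookbook; the interface names (`wan1`, `dmz-vlan`, `lan`), the object names, all addresses and the database port 3306 are constructed placeholders.

```fortios
# Constructed values throughout: wan1, dmz-vlan, lan, 203.0.113.10, 10.10.10.10, 10.20.0.5, tcp/3306
config firewall vip
    edit "vip-web-https"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.10.10.10"
        set portforward enable
        set extport 443
        set mappedport 443
    next
end
config firewall address
    edit "db-server"
        set subnet 10.20.0.5 255.255.255.255
    next
    edit "web-server"
        set subnet 10.10.10.10 255.255.255.255
    next
end
config firewall service custom
    edit "tcp-3306"
        set tcp-portrange 3306
    next
end
# Policy 1: inbound HTTPS only, via the VIP. Policy 2: web server to one internal host on one port.
config firewall policy
    edit 0
        set name "wan1-to-dmz-https"
        set srcintf "wan1"
        set dstintf "dmz-vlan"
        set srcaddr "all"
        set dstaddr "vip-web-https"
        set service "HTTPS"
        set schedule "always"
        set action accept
        set logtraffic all
    next
    edit 0
        set name "dmz-to-db"
        set srcintf "dmz-vlan"
        set dstintf "lan"
        set srcaddr "web-server"
        set dstaddr "db-server"
        set service "tcp-3306"
        set schedule "always"
        set action accept
        set logtraffic all
    next
end
```

Traffic that matches neither policy falls through to the implicit deny at the end of the policy list, so the DMZ VLAN has no other path to the internal VLAN.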