Support Forum
muqtadir
New Contributor

Connecting different networks in the same building

I need to allow traffic from my DMZ application server (192.168.1.2) to communicate with our internal network (172.10.2.1). Could you kindly assist.

1 REPLY
nicerobot_FTNT

For any communication, you will need:

1. Route

2. Security Policy

3. Possibly a source network address translation if 172.10.2.1 does not know anything.

1. Route: a route from 192.168.1.0/24 to 172.10.2.0/24. This may be the default route on the system (192.168.1.2) to the gateway at 192.168.1.1. If 172.10.2.0/24 is a connected interface on the FortiGate, the FortiGate will know how to connect to that system.

2. Security policy for the traffic. Port/protocol/application.

3. Does 172.10.2.1 know how to get back to 192.168.1.0/24? Source NAT needed?

For DMZ traffic inbound, you need to only allow the specific traffic to the specific destination. Application control, IPS, everything turned on in protect mode. DMZ is basically letting the Internet in to your internal network, so allow only the communications that are permitted. You would most likely want to enforce that traffic as internal-->DMZ and not the reverse.

---

Opinions expressed are my own and may not represent the official opinion of my employer.
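The three items in the reply (route, security policy, optional source NAT) as a worked FortiOS CLI configuration. This is an added example, not the reply author's or Fortinet's own configuration. It assumes the DMZ server sits behind interface `dmz` (FortiGate address 192.168.1.1), the internal network sits behind interface `internal`, the permitted service is HTTPS, and the next hop `172.10.2.254` is a placeholder for a non-connected internal network; the address object and policy names are made up for the example.

```fortios
# Added example (not from the forum reply). Interface names "dmz" and
# "internal", the object names, the HTTPS service and the 172.10.2.254
# next hop are assumptions; adjust them to the real deployment.

# Address objects: pin the policy to the single host on each side rather
# than to whole subnets.
config firewall address
    edit "DMZ_APP_SERVER"
        set subnet 192.168.1.2 255.255.255.255
    next
    edit "INTERNAL_HOST"
        set subnet 172.10.2.1 255.255.255.255
    next
end

# 1. Route: only needed if 172.10.2.0/24 is NOT directly connected to the
#    FortiGate. A connected interface already yields a connected route,
#    so this block is skipped in that case.
config router static
    edit 0
        set dst 172.10.2.0 255.255.255.0
        set gateway 172.10.2.254
        set device "internal"
    next
end

# 2. Security policy: DMZ -> internal, one source, one destination, one
#    service, with IPS and application control inspecting the flow.
#    Anything not matched here falls through to the implicit deny at the
#    bottom of the policy table, so no broad DMZ -> internal rule exists.
config firewall policy
    edit 0
        set name "dmz-app-to-internal-https"
        set srcintf "dmz"
        set dstintf "internal"
        set srcaddr "DMZ_APP_SERVER"
        set dstaddr "INTERNAL_HOST"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "default"
        set application-list "default"
        set logtraffic all
        # 3. Source NAT: enable only when 172.10.2.1 has no route back to
        #    192.168.1.0/24. The internal host then sees the session as
        #    coming from the FortiGate's "internal" interface address.
        set nat enable
    next
end
```

After applying it, `get router info routing-table all` confirms whether 172.10.2.0/24 is learned as a connected or a static route, and `diagnose debug flow filter addr 172.10.2.1` followed by `diagnose debug flow trace start 10` and `diagnose debug enable` shows which policy a test connection from 192.168.1.2 matches and whether NAT is applied. Leaving `set nat enable` out is the right choice whenever the internal side already routes back to the DMZ, since the policy logs then record the real DMZ source address.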
