Hello
I have several VMs I'd like to protect with a DMZ. They need to be accessible from the Internet and internally. I'm looking for assistance in finding some "howto" docs or general guidance in creating the DMZ.
We have a Fortigate appliance with two connections to it. One internet facing the other is internal.
Our VMs are of the form 10.10.10.x. We currently have a few Virtual IPs and polices allowing internet traffic to these VMs. I am able to understand the "cookbooks" for wired connection to protect physical servers but I'm lost as where to start to protect a VM. Thx in advance for any guidance you can provide
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
I can not think about the differences between protecting physical servers and VMs. Firewall is treating the same way traffic from/to physical servers and VMs.
The traffic filtering being the same I get. To start building the DMZ I think I need to create a new interface? What kind?
We are on version 7.0.11
Hello,
You may consider to set DMZ role for the interface:
Here is a sample topology:
https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/361386
Thx for the replies. The topology example looks to be for a physical server connecting to an open port.
Q: Is creating a new interface the correct first step in creating the DMZ? IF so what type should it be? My Choices are:
802.3ad Aggregate
EMAC VLAN
Loopback
Redundant
Software Switch
SSL-VPS Tunnel
VLAN
Also which interface member should I choose? External or Internal?
Hello,
Interface type selection rather depends on the network topology and requirements (speed, redundancy, etc.) than security. I can not see significant difference between interfaces in terms of security.
All set. Thx
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.