Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pccstech
New Contributor II

Create a DMZ for a set of VMs?

Hello 

 

I have several VMs I'd like to protect with a DMZ. They need to be accessible from the Internet and internally. I'm looking for assistance in finding some "howto" docs or general guidance in creating the DMZ.

 

We have a Fortigate appliance with two connections to it. One internet facing the other is internal.

 

Our VMs are of the form 10.10.10.x. We currently have a few Virtual IPs and polices allowing internet traffic to these VMs. I am able to understand the "cookbooks" for wired connection to protect physical servers but I'm lost as where to start to protect a VM.  Thx in advance for any guidance you can provide

 

7 REPLIES 7
abarushka
Staff
Staff

Hello,

 

I can not think about the differences between protecting physical servers and VMs. Firewall is treating the same way traffic from/to physical servers and VMs.

FortiGate
pccstech
New Contributor II

The traffic filtering being the same I get.  To start building the DMZ I think I need to create a new interface?  What kind?  

pccstech
New Contributor II

We are on version 7.0.11

abarushka
Staff
Staff
pccstech
New Contributor II

Thx for the replies.    The topology example looks to be for a physical server connecting to an open port. 

 

Q: Is creating a new interface the correct first step in creating the DMZ? IF so what type should it be?   My Choices are:

802.3ad Aggregate

EMAC VLAN

Loopback

Redundant

Software Switch

SSL-VPS Tunnel

VLAN

 

Also which interface member should I choose? External or Internal?

 

abarushka

Hello,

 

Interface type selection rather depends on the network topology and requirements (speed, redundancy, etc.) than security. I can not see significant difference between interfaces in terms of security.

FortiGate
pccstech
New Contributor II

All set. Thx

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors