DMZ Configuration
Hello,
Is there anyone who can share the DMZ setup on a FortiGate (201E)?
Do I need to trunk the interface port and create a VLAN for this on the switch?
Appreciate your reply for this.
DMZ is a LAN segment like any other, with one exception: "regard the DMZ as hacked".
That is, no policies from DMZ to LAN!
For instance, if you need to synchronize data between a server on your LAN and a server in DMZ, you do not pull the data from the DMZ server. Instead, you push data from LAN to DMZ (with appropriate policy).
Whether you create a DMZ on a physical or a virtual port doesn't matter.
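
The "no policies from DMZ to LAN" rule can be checked against a saved FortiGate configuration. The following is an added example, not part of the original thread: it parses the `config firewall policy` block and lists every accept policy that runs from a DMZ interface to a LAN interface, so that any exceptions are at least known and reviewed. The interface names `dmz`, `lan` and `mgmt` and the sample policies are constructed for illustration.

```python
import shlex

# Constructed sample in the style of 'show firewall policy'; not a real configuration.
SAMPLE_CONFIG = '''config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "dmz"
        set action accept
    next
    edit 2
        set srcintf "dmz"
        set dstintf "lan"
        set action accept
    next
    edit 3
        set srcintf "dmz"
        set dstintf "lan"
    next
    edit 4
        set srcintf "any"
        set dstintf "lan" "mgmt"
        set action accept
    next
end'''

def parse_policies(text):
    """Map policy id -> {setting: [values]} for the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for tok in map(shlex.split, text.splitlines()):
        if tok[:3] == ["config", "firewall", "policy"]:
            in_block = True
        elif in_block and tok[:1] == ["edit"]:
            current = policies.setdefault(int(tok[1]), {})
        elif in_block and tok[:1] == ["set"]:
            current[tok[1]] = tok[2:]
        elif tok[:1] == ["end"]:
            in_block = False
    return policies

def dmz_to_lan_accepts(policies, dmz_ifs, lan_ifs):
    """Ids of accept policies going from a DMZ interface to a LAN interface."""
    def hits(values, wanted):
        return "any" in values or bool(set(values) & set(wanted))
    return [pid for pid, p in sorted(policies.items())
            if p.get("action") == ["accept"]  # no 'set action' line: default deny
            and hits(p.get("srcintf", []), dmz_ifs)
            and hits(p.get("dstintf", []), lan_ifs)]

print(dmz_to_lan_accepts(parse_policies(SAMPLE_CONFIG), {"dmz"}, {"lan"}))
```

Policy 1 (the LAN-to-DMZ push) and policy 3 (no accept action) are not reported; policy 4 is reported because a source interface of `any` also covers the DMZ.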
I have configured it as an access port on the switch that connects to the FW interface.
Just trying to find out the best practice for DMZ configuration.
If you have, like, a web server on the DMZ that acts as a front end and then redirects external traffic to an internal site, you have to have DMZ to LAN. Hard to get real-time data pushed to the DMZ.
Right?
@CHR57
I stated the 'ideal' situation for a DMZ. In your case you might be able to process the data in the DMZ, with data coming in from the LAN. YMMV and often the strict uni-directional layout has to be broken in reality.
I have set up the DMZ in my company directly on a firewall port with a totally different IP range (you can connect a switch to it and use as many systems as you like). This way it will be separate from your local network. Make the necessary policy as required. Note: we have mapped the DMZ local IP to a public IP, and only a few IPs from the IT team have been given access to the DMZ local IP.
Regards,
Vishal
FGT100E, FGT100D, FGT300C, FGT300E; FortiOS 5.2, 5.4, 5.6, 6.0, 6.0.2 and 6.2