Hello,
Is there anyone who can share the DMZ setup on a FortiGate (201E)?
Do I need to trunk the interface port and create a VLAN for this on the switch?
I'd appreciate your reply on this.
DMZ is a LAN segment like any other, with one exception: "regard the DMZ as hacked"
That is, no policies from DMZ to LAN!
For instance, if you need to synchronize data between a server on your LAN and a server in DMZ, you do not pull the data from the DMZ server. Instead, you push data from LAN to DMZ (with appropriate policy).
Whether you create a DMZ on a physical or a virtual port doesn't matter.
I have configured it as an access port on the switch that connects to the FW interface.
Just trying to find out the best practice for DMZ configuration.
If you have, like, a web server on the DMZ that acts as a front end and then redirects external traffic to an internal site, you have to have DMZ to LAN. Hard to get real-time data pushed to the DMZ.
Right?
@CHR57
I stated the 'ideal' situation for a DMZ. In your case you might be able to process the data in the DMZ, with data coming in from the LAN. YMMV and often the strict uni-directional layout has to be broken in reality.
I have set up the DMZ in my company directly on a firewall port with a totally different IP range (you can connect a switch to it and use as many systems as you like). This way it will be separate from your local network. Make the necessary policies as required. Note: we have mapped the DMZ local IP to a public IP; also, only a few IPs from the IT team have been given access to the DMZ local IP. Regards, Vishal
FGT100E, FGT100D, FGT300C, FGT300E; FortiOS 5.2, 5.4, 5.6, 6.0, 6.0.2 and 6.2
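One way to check a policy export against the "no policies from DMZ to LAN" rule discussed in this thread, as an added example that is not part of any post: it parses a `config firewall policy` block and lists every DMZ-to-LAN accept policy, marking each exception as scoped or broad. The interface names `lan` and `dmz`, the address object names and the sample config are constructed assumptions.

```python
import shlex
# Constructed sample in FortiOS CLI syntax; interface and address names are assumptions.
SAMPLE = """config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "dmz"
        set srcaddr "lan-sync-host"
        set dstaddr "dmz-web"
        set action accept
        set service "SSH"
    next
    edit 2
        set srcintf "dmz"
        set dstintf "lan"
        set srcaddr "dmz-web"
        set dstaddr "lan-app"
        set action accept
        set service "HTTPS"
    next
    edit 3
        set srcintf "dmz"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
end"""

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for each 'edit' entry."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)          # handles quoted, multi-value settings
        if tok[:1] == ["edit"]:
            current = policies.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
    return policies

def audit(text, dmz="dmz", lan="lan"):
    """Map each DMZ-to-LAN accept policy to 'scoped' or 'broad' (uses an 'all' object)."""
    findings = {}
    for pid, p in parse_policies(text).items():   # a missing 'set action' is treated as deny
        if p.get("action") == ["accept"] and dmz in p.get("srcintf", []) and lan in p.get("dstintf", []):
            values = [v.lower() for k in ("srcaddr", "dstaddr", "service") for v in p.get(k, [])]
            findings[pid] = "broad" if "all" in values else "scoped"
    return findings
print(audit(SAMPLE))
```

Policy 1 (LAN pushing to the DMZ) is not reported; policies 2 and 3 are the ones to review, with 3 being the kind of exception that defeats the separation.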
Copyright 2024 Fortinet, Inc. All Rights Reserved.