Hi everyone,

I have a web server on my internal network. I can open external access by 

- creating a virtual IP to do port forwarding (EXT_IP:3000 --> INT_IP_SERVER:3000)

- create a policy to allow HTTP request from External Interface to Internal Interface

I now want to isolate my server through a DMZ interface. I guess the configuration part would be the same (replace Internal Interface with DMZ interface) but:

- Should I physically connect my web server to my DMZ interface (port 4 on my unit) ?

- If so I should do it through a switch to enable possible future servers added to the isolate network, no ? 

Many thanks ;)