Network_Engineer
New Contributor III

DMZ

I am supposed to connect a piece of equipment to the DMZ region.

What am I supposed to configure on the interface going to the DMZ?

How does the firewall know what to authorise to go into the LAN and what to reject?

1 Solution
seshuganesh
Staff

Hi Team,

Here is your scenario:

[Image: seshuganesh_0-1650868087148.png]

As my colleague mentioned, you first need to configure an IP address on the DMZ interface. You can follow this article for that:

https://help.fortinet.com/fweb/540/Content/FortiWeb/fortiweb-admin/network_settings.htm

Once you define the interface, make sure the DMZ machines are in the same subnet.

Now, if you want to give access to LAN machines from the DMZ, there should be a firewall rule from DMZ to LAN.

If you want to give access to the DMZ from the LAN, there should be a firewall rule from LAN to DMZ.

You can see this article for creating a firewall policy:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/554066/firewall-policies

Please check and keep us posted.

2 Replies
akristof
Staff

Hi,

Thank you for your question. Treat the DMZ port as any other interface. Configure an IP address on the interface, enable a DHCP server or DHCP relay if needed, and that's it. Then you need firewall policies to allow traffic between the DMZ and the other interfaces of the FortiGate. There you can allow/block traffic, etc. So, based on the firewall policies, the firewall knows whether traffic is allowed or not.

Adrian
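
The setup both replies describe, written as FortiOS CLI. This is an added example, not configuration from the posters: the interface names (`dmz`, `internal`), addresses, object names and chosen services are assumptions, and the `#` lines are annotations. Traffic that matches no policy is dropped by the FortiGate's implicit deny, so only the two flows below pass.

```fortios
# Constructed example: interface names, IPs and object names are assumptions.
# 1. Give the DMZ interface an address; DMZ hosts use it as their gateway.
config system interface
    edit "dmz"
        set mode static
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping
    next
end

# 2. Address objects so policies can name single hosts, not whole networks.
config firewall address
    edit "DMZ_web01"
        set subnet 192.0.2.10 255.255.255.255
    next
    edit "LAN_app01"
        set subnet 10.0.0.20 255.255.255.255
    next
    edit "LAN_net"
        set subnet 10.0.0.0 255.255.255.0
    next
end

# 3. One policy per direction, each limited to the hosts and services needed.
config firewall policy
    edit 0
        set name "DMZ-web01-to-LAN-app01"
        set srcintf "dmz"
        set dstintf "internal"
        set srcaddr "DMZ_web01"
        set dstaddr "LAN_app01"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
    edit 0
        set name "LAN-to-DMZ-web01"
        set srcintf "internal"
        set dstintf "dmz"
        set srcaddr "LAN_net"
        set dstaddr "DMZ_web01"
        set action accept
        set schedule "always"
        set service "HTTPS" "SSH"
        set logtraffic all
    next
end
```

Keeping the DMZ-to-LAN policy scoped to one source host, one destination host and one service limits what a compromised DMZ machine can reach on the LAN.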