Configuring Firewall with LAN with private IPs and DMZ with public IPs

Hello

I want to configure my Firewall to have a private LAN with private IP Addresses and a DMZ Zone with our public range (255.255.255.224).

In the public zone it must be possible to reach the devices directly by public IP address and to connect via VPN to have access to data in a secure way.

How could it be done?

I created a simple picture for illustration.

Thank you for replying.

Regards

Chris



This thread was automatically locked due to age.
  • The Sophos XG Firewall has the ability to become a multi-port bridge and can therefore be used as a layer 2 switch or router to interconnect multiple segments.

    1.) You will need to create a multi-port bridge, bridging your WAN interface to your DMZ interface.
    See Video: www.youtube.com/watch

    NOTE: Just be sure you select the appropriate Zone and Interface according to your setup/configuration.

    2.) You would use a Network Policy to restrict/limit access from LAN to DMZ.

    NOTE: If you are looking to use a VPN tunnel, the VPN would have to be terminated at the server itself, so the server would have to be a VPN server. Otherwise the data would come from the client on the LAN to the XG Firewall encrypted, then the XG Firewall would decrypt it and send it to the DMZ insecurely.

    Stay tuned in to our YouTube channel for more HOW TO VIDEOS to come!