Configuring Firewall with LAN with private IPs and DMZ with public IPs

Hello

I want to configure my Firewall to have a private LAN with private IP Addresses and a DMZ Zone with our public range (255.255.255.224).

In the public zone it must be possible to reach the devices directly by public IP address and to connect via VPN to have access to data in a secure way.

How could it be done?

I created a simple picture for illustration.

Thank you for replying.

Regards

Chris



This thread was automatically locked due to age.
  • Chris, were you ever able to get this working? I am trying to do pretty much the exact same thing. I am currently testing both the UTM 9 and XG for our office network. I had no problem doing this on the UTM 9, but can't seem to get it working on the XG. Once I create the bridge pair, I lose internet access from the LAN side.

    Matthew

    -----------------------
    SG210/UTM 9.407-3

  • Hey Matthew,

    A couple of questions: is it DNS related, or can you not even ping the WAN gateway or Google DNS 8.8.8.8? Also, is routing enabled on the bridged interface pair?

  • I can't even ping the gateway, let alone an upstream address like Google's 8.8.8.8.

    I have tried with routing enabled, and with routing disabled--though I assume that 'enabled' is what it should be set at. Before I create the bridge (that is, just a LAN and WAN interface) pings and DNS resolution work fine from the LAN segment. The bridge bungles it all.

    This is on an ESXi VM, with the LAN and DMZ connected to isolated vSwitch networks.

    -----------------------
    SG210/UTM 9.407-3

  • Chris,

    I can confirm functionality of this does work with creating the interface bridge and selecting both the WAN and DMZ zones with routing enabled on the bridged interface pair. lferrara has a good suggestion for splitting up your IP blocks; however, if you need all of your public IPs, why not just assign your servers private IPs, put them on a different subnet in the DMZ and just create the NATs to the DMZ using the Business Application Firewall Rules?

    -Alan
