Hi,
We're having phone issues and the phone-co suggested putting one on a DMZ just to make sure it's not an issue with our UTM blocking something (I'm 99.99% sure it isn't .. nothing being blocked from our phone LAN in the logs, but I need to humor them). Anyway, I set up an interface and network with these rules:
DROP ANY "DMZ LAN" --> "data LAN","voice LAN","VPNs"
ALLOW ANY "DMZ LAN" --> Internet
ALLOW ANY Internet --> "DMZ LAN"
The phone got an IP address but not a connection to the VOIP servers (which are out on the internet).
So, I changed the second two rules to:
DROP ANY "DMZ LAN" --> "data LAN","voice LAN","VPNs"
ALLOW ANY "DMZ LAN" --> ANY
ALLOW ANY ANY --> "DMZ LAN"
(Since the DROP ANY rule is first, I assume it's keeping my networks safe from the DMZ)
Now it works.
But I don't know what it needs to talk to besides the internet to access something on the internet. At first I thought maybe it needed to have explicit access to the UTM, but it must've seen it, since it did get an IP address with the first configuration. Can anyone explain why rules to/from the internet weren't enough?
Thanks,
Jeff
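The ordering assumption in the post (the DROP rule listed first), checked as an added example that is not part of the original post: a small first-match evaluator run over the second rule set. The subnets, the first-match and default-drop semantics, and the function names are assumptions; it does not model NAT or how the UTM itself defines its "Internet" object.

```python
import ipaddress

# Constructed address plan (assumption: the post gives no subnets).
NETS = {
    "DMZ LAN": ["192.168.50.0/24"],
    "data LAN": ["192.168.10.0/24"],
    "voice LAN": ["192.168.20.0/24"],
    "VPNs": ["10.8.0.0/24"],
    "ANY": ["0.0.0.0/0"],
}
INTERNAL = ["data LAN", "voice LAN", "VPNs"]

# The second rule set from the post, in the order listed (service is ANY).
RULES = [
    ("DROP", ["DMZ LAN"], INTERNAL),
    ("ALLOW", ["DMZ LAN"], ["ANY"]),
    ("ALLOW", ["ANY"], ["DMZ LAN"]),
]


def in_any(ip, names):
    """True if ip falls inside any subnet of the named network objects."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for name in names for n in NETS[name])


def decide(src, dst, rules=RULES):
    """Return (action, rule_number) of the first matching rule; default drop."""
    for number, (action, srcs, dsts) in enumerate(rules, 1):
        if in_any(src, srcs) and in_any(dst, dsts):
            return action, number
    return "DROP", None


if __name__ == "__main__":
    flows = [
        ("192.168.50.10", "192.168.20.5"),   # DMZ phone -> voice LAN
        ("192.168.50.10", "203.0.113.7"),    # DMZ phone -> external host
        ("192.168.10.4", "192.168.50.10"),   # data LAN -> DMZ phone
        ("203.0.113.7", "192.168.50.10"),    # external host -> DMZ phone
    ]
    for src, dst in flows:
        print(src, "->", dst, decide(src, dst))
```

Under these assumptions the DROP rule does shield the internal networks from the DMZ, but only while it stays above the ALLOW rules, and rule 3 still admits traffic from every source, internal LANs included, into the DMZ.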