
External access from DMZ

Hi,

I have a few servers in the DMZ. All of them have a static IP and gateway; we haven't configured DNS since we don't want these servers to resolve names.

We have a web server on the WAN side, but when we try to access it from the DMZ the log says Default Drop. How can I resolve this?

I have created a MASQ rule DMZ to WAN.

Also created a firewall rule DMZ -> any service to WAN.

I have turned off all shields except the firewall.



  • Hello All,

    Thank you for the quick reply.

    What I wanted to do is, my server in DMZ must be able to access a dedicated server in WAN side.

    Simply speaking 10.10.10.15->any port-> 192.168.20.254-> port 80

    My WAN subnet = 192.168.20.0/24

    My Internal Subnet = 192.168.1.0/24

    My DMZ Subnet = 10.10.10.0/24

     

  • As Dirk points out below, I wasn't "seeing" the topology.  Jacob's #15 is correct as written.

    Firewall rule 15 should have a Traffic Selector of 'DMZ-metas -> Any -> Internet'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    The destination server (192.168.20.21) resides within the subnet "external (WAN) Network" (192.168.20.0/24).

    So the destination of this rule should be OK ... I think ... am I wrong?

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Correct, Dirk - Thanks!  Changing that post now.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA