This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Creating DMZ

Hi Guys 

 

 How can I make a DMZ on sophos sg125 and 210, I am newby in using sophos UTM

here's what I want to do.

 

I have a web serve with a public I.P. according into our penetration test we need to make our website safer in order to do that we need to go through DMZ.

My problem is I don't know how to do it



This thread was automatically locked due to age.
    • First you will need an additional interface. If you have unused interfaces this is the easiest, you can just create a DMZ interface using a currently unused physical interface (NIC). You can assign a (different than your Internal) IP-address/subnet to this interface.
    • You need to make a masquerading rule so to allow internet traffic for hosts in this subnet DMZ -> External
    • Depending on the license you have (including WAF or not including WAF) you may either need to create a DNAT rule (when you don't use WAF) to send traffic arriving at the desired public IP to the server in your DMZ or you need to create Virtual and Real webservers under Webserver Protection (WAF).

    Since you say you are a newbe you may have additional questions regarding this, so please ask them if above doesn't get you started enough.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi apijnappels

     

     Can you send me image or video regarding that?

    Thank in advance

  • In which step exactly do you get stuck? It's easier to just make a few screenshots than a lot more.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.