This discussion has been locked.

Automatic routing between "DMZ" and Internal

Hi,

I'm not that network guru but some principles still reside in my networking brain areas :-)

I just wanted to expose a Webserver using Sophos UTM.
I created a third "physical" interface in the UTM VM.
Then I created the interface in the UTM GUI.
I got 3 Interfaces in total.

DMZ 192.168.200.x/24
Internal 192.168.178.x/24
PPPoE WAN interface

Is there something like automatic routing in place?
If I disable all FW and NAT rules I can still ping from a VM behind the 200er interface to a VM behind the 178er interface / segment.

Especially in a DMZ this is nothing I would want, right?


Thank you so much!
Raiko


  • I found a workaround but maybe someone can explain this auto routing feature to me.

    I disabled "Allow ICMP through Gateway" and created a DMZ -> Any -> Internal Drop Rule.


    Thanks
    Raiko
    • Allow ICMP through Gateway, which will make the system forward ICMP traffic if originating from an internal network
      If enabled, it will pass ICMP requests sourced from any internal network. By checking/unchecking the box, the system will create/remove a system level firewall rule to allow the traffic.
      __________________
      ACE v8/SCA v9.3

      ...still have a v5 install disk in a box somewhere.

      http://xkcd.com
      http://www.tedgoff.com/mb
      http://www.projectcartoon.com/cartoon/1