Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DMZ HOw to....

Status
Not open for further replies.
joeldvn

joeldvn

IS-IT--Management
Jul 29, 2002
13
IL
Hi Guys,

I am not that expererience with Firewall, I have lots of experience with most networks so i get by.

we have PDS 2110 and firewall 4.1 SP5.

The company never had much need for VPN or DMZ they only had one machine to the out side without the protection of the firewall, also cause I didn't know or had the time to mess with it.

after a while I started to discover all kind of thing and I
managed to some how to get the VPN and the DMZ to wORK.

To make the story short I got one of the machines to work through the DMZ, meaning using the IP of the FIrewall to get out, I was impressed but I didn't know if all the rules in the policy apply to the DMZ machine as well?
or do I have to start appliying new rules seperetly to that specific machine.

P.S. there is no seperate network for the DMZ alonger story,

Joel
 
Sort by date Sort by votes
Don't quite understand! Where is the DMZ if it's not on a separate network?

Chris.
************************
Chris Andrew, CCNA
chris@iproute.co.uk
************************
 
Upvote 0 Downvote
Hi joel,
from what you've cited, I can understand that you have an ordinary DMZ which means that your DMZ lies on an interface of your firewall, so when you apply the checkpoint policy it will be applied on all interfaces.
All the rules that are in the policy will apply to the machine in the DMZ, but this machine won't be concerned by all these rules (except the rules you specified for that machine) because it has a specific IP address and rules are matched by IP addresses first.
P.S: Watch out the anti spoofing if it's applied or not on your firewall and make the correct anti spoofing configuration on the new interface (the DMZ).
Hicham Tfaily
 
Upvote 0 Downvote
"P.S. there is no seperate network for the DMZ"

If the DMZ is on another interface then it's on a seperate network (to the main network on the inside interface).

Chris.
************************
Chris Andrew, CCNA
chris@iproute.co.uk
************************
 
Upvote 0 Downvote
If there is no separate network for the DMZ, so it's not a DMZ!
Hicham
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
273
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
294
Johnkite
Johnkite
sudhakar346
  • Locked
  • Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
97
kythri
kythri
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
237
nnaarrnn
nnaarrnn
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
84
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top