Firebox 700 DMZ Setup

Status
Not open for further replies.
Nov 2, 2002
I have 3 servers that make up a Lotus Learning Space system. Currently, they sit on the trusted network with private IPs (10.1.X.X). The Firebox maps an external IP (216.X.X.X) to each server.

I want to move them to the DMZ port and I'm having difficulty finding documentation on how to do this.

I know I will need a box to connect the 3 servers together and talk to the Firebox, but I don't know what this needs to be (router, hub, switch?).

Do I change the IPs of the servers to the external IPs or let the Firebox map to them?

Any help is greatly appreciated.

...Dave
 
I would use a hub or switch to connect the machines together. You'll want to move them to a different private subnet than your trusted network, and set up the optional port on the WatchGuard on that subnet also (use the optional port address as the default gateway on your DMZ subnet). Then redirect your external addresses to the new machine addresses just like you did when they were internal. My experience is that WatchGuard will handle the routing automatically between the 3 networks.
 
WG will handle the routing as you indicated, but will only pass traffic for rules configured. You will need to configure rules for anything you want to pass from Optional to Trusted. Likewise, configure rules for Optional to External.

You may want to check NAT to be sure it is configured for External-Optional as well.
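
Added example, not part of the thread and not WatchGuard tooling: a pre-migration check of the plan the replies describe (separate optional subnet, optional port as default gateway, one external address per server, explicit rules). The subnets, host names, external addresses, ports and rule format are constructed placeholders, and flagging an "any" Optional-to-Trusted rule is an added hardening check.

```python
import ipaddress

def check_dmz_plan(plan):
    """Return a list of problems found in a trusted/optional (DMZ) addressing plan."""
    findings = []
    trusted = ipaddress.ip_network(plan["trusted"])
    optional = ipaddress.ip_network(plan["optional"])
    gateway = ipaddress.ip_address(plan["optional_gw"])
    if optional.overlaps(trusted):
        findings.append(f"optional subnet {optional} overlaps trusted {trusted}")
    if gateway not in optional:
        findings.append(f"optional port address {gateway} is outside {optional}")
    seen_external = set()
    for name, host in plan["servers"].items():
        ip = ipaddress.ip_address(host["ip"])
        if ip not in optional:
            findings.append(f"{name}: {ip} is not on the optional subnet")
        if ipaddress.ip_address(host["gateway"]) != gateway:
            findings.append(f"{name}: default gateway is not the optional port")
        if host["external"] in seen_external:
            findings.append(f"{name}: external address {host['external']} mapped twice")
        seen_external.add(host["external"])
        # A NAT mapping passes nothing without a matching External -> Optional rule.
        if not any(r["src"] == "external" and r["dst"] == "optional"
                   and r["dst_ip"] == host["ip"] for r in plan["rules"]):
            findings.append(f"{name}: no external->optional rule for {ip}")
    for r in plan["rules"]:
        # Optional -> Trusted should name one host and one port, never "any".
        broad = "any" in (r["dst_ip"], r["port"])
        if r["src"] == "optional" and r["dst"] == "trusted" and broad:
            findings.append(f"optional->trusted rule too broad: {r['dst_ip']}:{r['port']}")
    return findings

# Constructed sample plan with deliberate mistakes (hypothetical names and addresses).
SAMPLE_PLAN = {
    "trusted": "10.1.0.0/16", "optional": "10.2.0.0/24", "optional_gw": "10.2.0.1",
    "servers": {
        "ls-core": {"ip": "10.2.0.10", "gateway": "10.2.0.1", "external": "203.0.113.10"},
        "ls-collab": {"ip": "10.2.0.11", "gateway": "10.1.0.1", "external": "203.0.113.11"},
        "ls-content": {"ip": "10.1.5.12", "gateway": "10.2.0.1", "external": "203.0.113.11"},
    },
    "rules": [
        {"src": "external", "dst": "optional", "dst_ip": "10.2.0.10", "port": 443},
        {"src": "external", "dst": "optional", "dst_ip": "10.2.0.11", "port": 443},
        {"src": "optional", "dst": "trusted", "dst_ip": "any", "port": "any"},
    ],
}

if __name__ == "__main__": print("\n".join(check_dmz_plan(SAMPLE_PLAN)))
```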
 