4. DMZ with two FWs and one server

DMZ with two FWs and one server

  • J

    Hello, sorry I am inexperienced with certain parts of setting up a new network.

    I am going to purchase a Netgate SG-3100, it has 2 ports for WAN/WAN or WAN/LAN and then a 4-port LAN switch.

    I am going to have one internet-facing firewall with a public IP and port forwarding to my web server, one web server with a private IP on #DMZsubnet, and a second firewall behind the web server protecting my internal LAN.

    Would it be correct to use the WAN port on FW#1 for the internet, and then plug both the web server and the WAN port of FW#2 in to one of the four LAN switchports?

    This setup is for a factory with 48 machines on the floor, and those 48 machines are feeding information to the web server. I know normally the FW#2 protecting the LAN doesn't allow any incoming traffic from the DMZ, only outgoing from the LAN, but that's not possible in this setup because I have to have two-way communication between the web server and the machines. But I still want to make it as secure as possible.

    Thanks.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy