    Netgate Discussion Forum

    DMZ with two FWs and one server

    • jraschke11

      Hello, sorry I am inexperienced with certain parts of setting up a new network.

      I am going to purchase a Netgate SG-3100, it has 2 ports for WAN/WAN or WAN/LAN and then a 4-port LAN switch.

      I am going to have one internet-facing firewall with a public IP and port forwarding to my web server, one web server with a private IP on #DMZsubnet, and a second firewall behind the web server protecting my internal LAN.

      Would it be correct to use the WAN port on FW#1 for the internet, and then plug both the web server and the WAN port of FW#2 in to one of the four LAN switchports?

      This setup is for a factory with 48 machines on the floor, and those 48 machines are feeding information to the web server. I know normally the FW#2 protecting the LAN doesn't allow any incoming traffic from the DMZ, only outgoing from the LAN, but that's not possible in this setup because I have to have two-way communication between the web server and the machines. But I still want to make it as secure as possible.

      Thanks.
