4. DMZ with two FWs and one server

DMZ with two FWs and one server

  • J

    Hello, sorry I am inexperienced with certain parts of setting up a new network.

    I am going to purchase a Netgate SG-3100, it has 2 ports for WAN/WAN or WAN/LAN and then a 4-port LAN switch.

    I am going to have one internet-facing firewall with a public IP and port forwarding to my web server, one web server with a private IP on #DMZsubnet, and a second firewall behind the web server protecting my internal LAN.

    Would it be correct to use the WAN port on FW#1 for the internet, and then plug both the web server and the WAN port of FW#2 in to one of the four LAN switchports?

    This setup is for a factory with 48 machines on the floor, and those 48 machines are feeding information to the web server. I know normally the FW#2 protecting the LAN doesn't allow any incoming traffic from the DMZ, only outgoing from the LAN, but that's not possible in this setup because I have to have two-way communication between the web server and the machines. But I still want to make it as secure as possible.

    Thanks.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy