Netgate Discussion Forum

    DMZ VS. Isolated LAN VS. different public IP for Web Services

      Bambos

      Hello everyone,

      I have some servers with open ports on WAN, because of several web services running: web servers, FTP, data acquisition MQTT and others.

      Can I please have your opinion and suggestions on how to handle this in relation to protecting all other network resources that do not need to be exposed? So I'm considering DMZ, isolated LANs and a different public IP without open ports, or a combination of those.

      So the scenarios are the following:

      1. First firewall doing port forward or 1:1 NAT to servers for web services. Then another firewall to the same LAN (or another LAN) taking care of protected network behind first firewall. (classic DMZ topology using 2 firewalls).

      2. First firewall doing port forward or 1:1 NAT to servers for web services on LAN1, and completely isolating all other network resources on LAN2 without traffic between them, or with controlled traffic through firewall rules. (Isolated LANs topology)

      3. Use a different public IP for LAN2 with no open ports.

      4. Combination of 1 & 2.

      Thanks for any comments.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.