red_75116

Restrict Network Access

How do I restrict network access on a server so it cannot browse out on its subnet or anyone on that subnet can access it?

The server is in a VMware environment. Using a SonicWall NSA 2400 for firewall.
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

What network restrictions do you want to apply to the server?
If the control is on a subnet local to the server the external firewall will not be of much use. You would have to implement access rules within a host based firewall running on the server itself.

What kind of server is it?
red_75116

ASKER

Windows 2008 32bit.

It is a webserver, which will have an external IP address, but I don't want any internal access to it or for it to access anything internal.
ASKER CERTIFIED SOLUTION
Aaron Tomosky
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
On the SonicWall you can make other zones aside from the DMZ, if you can plug it into a separate port than the standard LAN. This would be my favorite so that if you wanted to you could make a rule allowing a developer access to the box for updates or something.
And, the reason for the separate NIC is that if you have multiple virtual guests, they may use the same physical NIC.