asked on

DMZ Yes or No

I have a Sonicwall NSA240 and have two networks coming off the firewall. Network A is my corp network with a domain. Network B is a wireless network. I have a SQL server on network A that i need network B to get access to but i dont want them to have access to the other server on network A. Can i create a DMZ with my SQL server and give access from LAN to DMZ and WLAN to DMZ but deny WLAN to LAN? If i create DMZ do i have to change the ip address of my SQL server.

Network A: 192.168.XXX.XXX
subnet: 255.255.255.0

Network B 10.10.XXX.XXX
subnet. 255.0.0.0

What do my DMZ ip address be that both networks can see it?

Syed Muhammad Usman

Dear,
i would sugegst you create one more zone, you can name as Networ-A and Network-B...

create on AO for SQL server, make Access rule deny all from Networ A to B, create one more rule from Allow all from Network A to SQL and one more rule to allow all from SQL to Network A.

miamitech305

ASKER

If i create another zone, can the new zone have the same ip scheme as my LAN zone?

ASKER CERTIFIED SOLUTION

Syed Muhammad Usman

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

miamitech305

ASKER

ok, so when i create a new zone for example Zone ABC. I need to create the following rules.

LAN to ABC allow
ABC to LAN allow
Wlan to ABC allow
ABC to WLAN allow
WLAN to LAN DENY

This will allow users on LAN to see my SQL server still as if nothing changed and allow my users on the wireless only to see the SQL server and not my domain network? correct?

Syed Muhammad Usman

Dear,

Network A is your Corp Network
Network B is your Guest Network

you will create zone for Network B (ABC-Zone)

LAN to ABC allow
ABC to SQL SERVER AO ALLOW
ABC to LAN DENY ALL
ABC to WAN ALLOW ALL

miamitech305

ASKER

What does AO mean?