Solved

Setting up a DMZ network

Posted on 2014-11-20
Last Modified: 2014-12-03
I want to be able to set up a DMZ network for sensitive data, as requested by one of my clients. What is the best way to do this? I have an MS-based network with Server 2008 as my DC and a DrayTek 2920 router.
0
Question by:dannyfccs
2 Comments
 
LVL 6

Expert Comment

by:Neadom Tucker
ID: 40454743
You can do this one of two ways. I am not sure if your router supports this or not. If so, you will need a new router.

Option 1: Single Router (pick your own interfaces; I just called them eth0-3)
See image here: 3 Legged Firewall
Use your router to create a new network:
eth0: Client Network 192.168.1.0/24
eth1: DMZ Network 172.16.23.0/24
eth3: WAN Network [public network here]

You would then put your DMZ server in that new network and create firewall rules to allow or disallow traffic to it.

Option 2: Dual Router
See image here: Dual Router Configuration
This is a layered approach
Router 1 [WAN Facing]
eth0: WAN Network [public network here]
eth1: DMZ Network 172.16.23.0/24

Router 2 [LAN Facing]
eth0: DMZ Network 172.16.23.0/24
eth1: LAN Network 192.168.1.0/24

You will need to create static or dynamic routes on routers 1 and 2 to direct traffic between them and allow traffic to and from the internet. Option one is the least complex but least secure out of the two solutions.
0
 
LVL 5

Accepted Solution

by:
Abdul Khadja Alaoudine earned 500 total points
ID: 40454748
Sensitive data should not be stored in a DMZ network. Did you mean to say you need a separate/isolated network for sensitive data?

The DrayTek 2920 supports VLANs. You can create a separate VLAN network and assign it to one of the ports on the DrayTek. Then connect a separate switch to it. To that switch, connect any clients or servers that need access to sensitive data. You can configure inter-LAN traffic not to be allowed between VLANs.
0
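An added example, not part of either answer and not DrayTek configuration: a Python check that walks a first-match firewall rule table for the addressing in the first answer (192.168.1.0/24 client network, 172.16.23.0/24 DMZ) and reports any allow rule that would let a DMZ host open a connection into the client network, which is the inter-network traffic both answers say to block. The rule format, the sample rules and the .10 and .5 host addresses are constructed for illustration, and the rules are assumed to describe who may initiate connections on a stateful firewall.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Subnets from the first answer (assumed: everything else is WAN).
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("172.16.23.0/24")

@dataclass
class Rule:                      # hypothetical rule format, not DrayTek syntax
    action: str                  # "allow" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    port: Optional[int] = None   # None means any port

def overlap(cidr, zone):
    """Part of `cidr` inside `zone` (CIDR blocks nest, so it is one of the two), or None."""
    n = ipaddress.ip_network(cidr)
    if n.subnet_of(zone):
        return n
    return zone if zone.subnet_of(n) else None

def covers(rule, s, d, port):
    """True if `rule` matches every packet from s to d on `port`."""
    return (s.subnet_of(ipaddress.ip_network(rule.src))
            and d.subnet_of(ipaddress.ip_network(rule.dst))
            and (rule.port is None or rule.port == port))

def dmz_to_lan_leaks(rules):
    """Indexes of allow rules that let DMZ hosts reach the LAN (first match wins).
    Conservative: only a single earlier deny covering the whole overlap clears a rule."""
    leaks = []
    for i, r in enumerate(rules):
        s, d = overlap(r.src, DMZ), overlap(r.dst, LAN)
        if r.action != "allow" or s is None or d is None:
            continue
        if not any(e.action == "deny" and covers(e, s, d, r.port) for e in rules[:i]):
            leaks.append(i)
    return leaks

# Constructed sample rule table; hosts .10 and .5 are made up.
SAMPLE = [
    Rule("allow", "0.0.0.0/0", "172.16.23.10/32", 443),        # anyone -> DMZ web server
    Rule("allow", "192.168.1.0/24", "172.16.23.0/24", 3389),   # LAN admins -> DMZ
    Rule("allow", "172.16.23.10/32", "192.168.1.5/32", 1433),  # DMZ -> LAN database
    Rule("deny", "172.16.23.0/24", "192.168.1.0/24"),          # intended DMZ -> LAN block
    Rule("allow", "172.16.23.0/24", "0.0.0.0/0", 53),          # DMZ DNS out (LAN part shadowed)
]

if __name__ == "__main__":
    for i in dmz_to_lan_leaks(SAMPLE):
        print(f"rule {i} lets the DMZ into the LAN: {SAMPLE[i]}")
```

In the sample, the database exception sits above the deny, so it wins under first-match ordering; moving the deny to the top of the table clears the finding.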