Solved

Setting up a dmz network

Posted on 2014-11-20
2
658 Views
Last Modified: 2014-12-03
I want to be able to setup a dmz network for sensitive data as requested by one of my clients, what is the best way to do this? I have a MS based network with server 2008 as my dc and a draytek 2920 router.
0
Comment
Question by:dannyfccs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Expert Comment

by:Neadom Tucker
ID: 40454743
You can do this one of two ways.  I am not sure if your router supports this or not.  If so you will need a new router.

Option1: Single Router (pick your own interfaces I just called them eth0-3)
See image here: 3 Legged Firewall
Use your router to create a new network:
eth0: Client Network 192.168.1.0/24
eht1: DMZ Network 172.16.23.0/24
eth3: WAN Network [public network here]

You would then put your dmz server in that new network and create firewall rules to allow or disallow traffic to it.

Option 2: Dual Router
See Image here:Dual Router Configuration
This is a layered approach
Router 1 [WAN Facing]
eth0: WAN Network [public network here]
eth1: DMZ Network 172.16.23.0/24

Router 2 [LAN Facing]
eth0: DMZ Network 172.16.23.0/24
eth1: LAN Network 192.168.1.0/24

You will need to create static or dynamic routes on router 1 and 2 to direct traffic between them and allow traffic to and from the internet.  Option one is the least complex but least secure out of the two solutions.
0
 
LVL 5

Accepted Solution

by:
Abdul Khadja Alaoudine earned 500 total points
ID: 40454748
Sensitive data should not be stored in DMZ network. Did you mean to say you need separate / isolated network for sensitive data?

Draytek 2920 support VLAN. You can create a separate VLAN network and assign it to one of the port on the Draytek. Then connect a separate switch to it. To that switch connect any clients or servers that need access to sensitive data. You can configure inter-LAN traffic not to be allowed between VLANs.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question