Solved

Setting up a dmz network

Posted on 2014-11-20
2
571 Views
Last Modified: 2014-12-03
I want to be able to setup a dmz network for sensitive data as requested by one of my clients, what is the best way to do this? I have a MS based network with server 2008 as my dc and a draytek 2920 router.
0
Comment
Question by:dannyfccs
2 Comments
 
LVL 6

Expert Comment

by:Neadom Tucker
ID: 40454743
You can do this one of two ways.  I am not sure if your router supports this or not.  If so you will need a new router.

Option1: Single Router (pick your own interfaces I just called them eth0-3)
See image here: 3 Legged Firewall
Use your router to create a new network:
eth0: Client Network 192.168.1.0/24
eht1: DMZ Network 172.16.23.0/24
eth3: WAN Network [public network here]

You would then put your dmz server in that new network and create firewall rules to allow or disallow traffic to it.

Option 2: Dual Router
See Image here:Dual Router Configuration
This is a layered approach
Router 1 [WAN Facing]
eth0: WAN Network [public network here]
eth1: DMZ Network 172.16.23.0/24

Router 2 [LAN Facing]
eth0: DMZ Network 172.16.23.0/24
eth1: LAN Network 192.168.1.0/24

You will need to create static or dynamic routes on router 1 and 2 to direct traffic between them and allow traffic to and from the internet.  Option one is the least complex but least secure out of the two solutions.
0
 
LVL 5

Accepted Solution

by:
Abdul Khadja Alaoudine earned 500 total points
ID: 40454748
Sensitive data should not be stored in DMZ network. Did you mean to say you need separate / isolated network for sensitive data?

Draytek 2920 support VLAN. You can create a separate VLAN network and assign it to one of the port on the Draytek. Then connect a separate switch to it. To that switch connect any clients or servers that need access to sensitive data. You can configure inter-LAN traffic not to be allowed between VLANs.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question