Solved

Setting up a dmz network

Posted on 2014-11-20
Last Modified: 2014-12-03
I want to be able to set up a DMZ network for sensitive data, as requested by one of my clients. What is the best way to do this? I have an MS-based network with Server 2008 as my DC and a DrayTek 2920 router.
Question by:dannyfccs
2 Comments

Expert Comment

by:Neadom Tucker
ID: 40454743
You can do this one of two ways.  I am not sure if your router supports this or not.  If so you will need a new router.

Option 1: Single Router (pick your own interfaces; I just called them eth0-3)
See image here: 3 Legged Firewall
Use your router to create a new network:
eth0: Client Network 192.168.1.0/24
eth1: DMZ Network 172.16.23.0/24
eth3: WAN Network [public network here]

You would then put your dmz server in that new network and create firewall rules to allow or disallow traffic to it.

Option 2: Dual Router
See image here: Dual Router Configuration
This is a layered approach
Router 1 [WAN Facing]
eth0: WAN Network [public network here]
eth1: DMZ Network 172.16.23.0/24

Router 2 [LAN Facing]
eth0: DMZ Network 172.16.23.0/24
eth1: LAN Network 192.168.1.0/24

You will need to create static or dynamic routes on router 1 and 2 to direct traffic between them and allow traffic to and from the internet.  Option one is the least complex but least secure out of the two solutions.
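The firewall rules this answer refers to, sketched as an added example (not part of the original answer): a first-match, default-deny policy for the three-legged layout, plus a check that flags rules breaking DMZ isolation. The server address 172.16.23.10, port 443, the sample WAN/LAN hosts and the rule format are assumptions made for illustration.

```python
import ipaddress

# Subnets from the answer's Option 1; any other address is treated as WAN.
ZONES = {"LAN": ipaddress.ip_network("192.168.1.0/24"),
         "DMZ": ipaddress.ip_network("172.16.23.0/24")}
DMZ_SERVER = "172.16.23.10"  # assumed address of the DMZ server

# Constructed rules for NEW connections, first match wins, default deny:
# (src_zone, dst_zone, dst_ip or None = any, dst_port or None = any, action)
RULES = [
    ("WAN", "DMZ", DMZ_SERVER, 443, "allow"),  # one published service
    ("LAN", "DMZ", None, None, "allow"),       # clients and admins reach the DMZ
    ("LAN", "WAN", None, None, "allow"),       # normal outbound traffic
]
# Same rules plus two common mistakes the audit should catch.
WEAK_RULES = RULES + [
    ("DMZ", "LAN", None, 445, "allow"),        # DMZ server opens file shares on the LAN
    ("WAN", "DMZ", None, None, "allow"),       # whole DMZ exposed to the internet
]

def zone_of(ip):
    """Map an address to LAN, DMZ or (by default) WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"

def decide(rules, src_ip, dst_ip, dst_port):
    """Verdict for a new connection: first matching rule, else deny."""
    pair = (zone_of(src_ip), zone_of(dst_ip))
    for src, dst, ip, port, action in rules:
        if (src, dst) == pair and ip in (None, dst_ip) and port in (None, dst_port):
            return action
    return "deny"

def audit(rules):
    """List allow rules that break DMZ isolation (ignores shadowing by earlier rules)."""
    findings = []
    for src, dst, ip, port, action in rules:
        if action != "allow":
            continue
        if dst == "LAN" and src in ("DMZ", "WAN"):
            findings.append(f"{src} can open connections into the LAN (port {port})")
        elif (src, dst) == ("WAN", "DMZ") and (ip is None or port is None):
            findings.append("WAN to DMZ is not limited to one host and port")
    return findings

if __name__ == "__main__":
    print(decide(RULES, DMZ_SERVER, "192.168.1.20", 445))  # DMZ to LAN attempt
    for finding in audit(WEAK_RULES):
        print(finding)
```

Return traffic for allowed connections is assumed to be handled by the firewall's stateful tracking, so only connection initiation is modelled here.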

Accepted Solution

by:
Abdul Khadja Alaoudine earned 500 total points
ID: 40454748
Sensitive data should not be stored in a DMZ network. Did you mean to say you need a separate/isolated network for sensitive data?

The Draytek 2920 supports VLANs. You can create a separate VLAN network and assign it to one of the ports on the Draytek. Then connect a separate switch to it. To that switch, connect any clients or servers that need access to sensitive data. You can configure inter-LAN traffic not to be allowed between VLANs.