Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Setting up a dmz network

Posted on 2014-11-20
2
Medium Priority
?
711 Views
Last Modified: 2014-12-03
I want to be able to setup a dmz network for sensitive data as requested by one of my clients, what is the best way to do this? I have a MS based network with server 2008 as my dc and a draytek 2920 router.
0
Comment
Question by:dannyfccs
2 Comments
 
LVL 6

Expert Comment

by:Neadom Tucker
ID: 40454743
You can do this one of two ways.  I am not sure if your router supports this or not.  If so you will need a new router.

Option1: Single Router (pick your own interfaces I just called them eth0-3)
See image here: 3 Legged Firewall
Use your router to create a new network:
eth0: Client Network 192.168.1.0/24
eht1: DMZ Network 172.16.23.0/24
eth3: WAN Network [public network here]

You would then put your dmz server in that new network and create firewall rules to allow or disallow traffic to it.

Option 2: Dual Router
See Image here:Dual Router Configuration
This is a layered approach
Router 1 [WAN Facing]
eth0: WAN Network [public network here]
eth1: DMZ Network 172.16.23.0/24

Router 2 [LAN Facing]
eth0: DMZ Network 172.16.23.0/24
eth1: LAN Network 192.168.1.0/24

You will need to create static or dynamic routes on router 1 and 2 to direct traffic between them and allow traffic to and from the internet.  Option one is the least complex but least secure out of the two solutions.
0
 
LVL 5

Accepted Solution

by:
Abdul Khadja Alaoudine earned 1500 total points
ID: 40454748
Sensitive data should not be stored in DMZ network. Did you mean to say you need separate / isolated network for sensitive data?

Draytek 2920 support VLAN. You can create a separate VLAN network and assign it to one of the port on the Draytek. Then connect a separate switch to it. To that switch connect any clients or servers that need access to sensitive data. You can configure inter-LAN traffic not to be allowed between VLANs.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question