Currently, we have a few frontend web servers and a database server in the LAN. The frontend web servers need to contact the database server for data access. A NAT rule has been set up to map the public IP to the internal IP of the web servers.
For security reasons, I have been asked to move all web servers to a DMZ zone.
1. Suppose the original X0 is my internal network subnet and X1 is the WAN link. Do I just need to physically attach a switch to X2 and connect all web servers there?
2. How should I set up the firewall rules? Should I configure:
WAN -> DMZ : Allow
DMZ -> Internal : Allow
3. How should I set up the NAT rule?
For #2 and #3, is there any example to follow? Thanks.