Dmz Network - Secure Computing SG300 User Manual

Snapgear gateway

Note:
Both devices should have identical High Availability configuration, including the list of
interfaces, shared IP addresses, and the interface configured as the checked interface.

DMZ Network

Note:
Not available on the SG300, SG530, SG550 or SG PCI appliances.

A DMZ (de-militarized zone) is a physically separate LAN segment, typically used to host servers that are publicly accessible from the Internet. Servers on this segment are isolated to provide better security for your LAN. If an attacker compromises a server on the LAN, then the attacker immediately has direct access to your LAN. However, if an attacker compromises a server in a DMZ, they are only able to access other machines on the DMZ.
In other words, by default the SnapGear unit blocks network traffic originating from the DMZ from entering the LAN. Additionally, any network traffic originating from the Internet is blocked from entering the DMZ and must be specifically allowed before the servers become publicly accessible. However, network traffic originating from the LAN is allowed into the DMZ, and network traffic originating from the DMZ is allowed out to the Internet.

The section Services on the DMZ Network discusses how to allow certain traffic from the Internet into the DMZ. This step must be performed to allow public access to the servers in the DMZ from the Internet. You may also allow certain network traffic originating from the DMZ into the LAN; however, this is not usually necessary.
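The default policy described above, modelled as an added example (not SnapGear code or configuration): it evaluates new connections against the stated defaults plus explicit exceptions and lists any exception that opens the DMZ into the LAN. The subnets, addresses and both exceptions are constructed, and zone pairs this page does not describe are reported as unspecified.

```python
import ipaddress
from collections import namedtuple

# Constructed addressing plan (assumption: the manual gives no addresses).
ZONES = {"LAN": ipaddress.ip_network("192.168.0.0/24"),
         "DMZ": ipaddress.ip_network("192.168.1.0/24")}

# Defaults exactly as the manual states them: (source zone, destination zone).
DEFAULT_ALLOW = {("LAN", "DMZ"), ("DMZ", "Internet")}
DEFAULT_BLOCK = {("DMZ", "LAN"), ("Internet", "DMZ")}

# An explicit exception added by the administrator on top of the defaults.
Allow = namedtuple("Allow", "src_zone dst_ip proto port")

# Constructed exceptions: a public web server, and a DMZ-to-LAN database rule.
EXCEPTIONS = [Allow("Internet", "192.168.1.10", "tcp", 80),
              Allow("DMZ", "192.168.0.5", "tcp", 5432)]

def zone_of(ip):
    """Map an address to its zone; anything off the local segments is Internet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "Internet")

def decide(src_ip, dst_ip, proto, port, exceptions=()):
    """Verdict for a NEW connection; reply traffic is not modelled."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow"          # same zone, never crosses the gateway
    if Allow(src, dst_ip, proto, port) in exceptions:
        return "allow"          # specifically allowed
    if (src, dst) in DEFAULT_ALLOW:
        return "allow"
    if (src, dst) in DEFAULT_BLOCK:
        return "block"
    return "unspecified"        # pair not covered by this manual page

def dmz_to_lan_exceptions(exceptions):
    """Exceptions that let a DMZ host open connections into the LAN."""
    return [e for e in exceptions
            if e.src_zone == "DMZ" and zone_of(e.dst_ip) == "LAN"]

if __name__ == "__main__":
    # Constructed flows: (source, destination, protocol, port).
    flows = [("203.0.113.7", "192.168.1.10", "tcp", 80),
             ("203.0.113.7", "192.168.1.10", "tcp", 22),
             ("192.168.1.10", "192.168.0.20", "tcp", 445),
             ("192.168.1.10", "192.168.1.11", "tcp", 22)]
    for f in flows:
        print(f, decide(*f, exceptions=EXCEPTIONS))
    print("review:", dmz_to_lan_exceptions(EXCEPTIONS))
```

Each entry returned by `dmz_to_lan_exceptions` is a path a compromised DMZ server could use to reach the LAN, so those are the rules to justify or remove first.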
