Table of Contents
Advertisement
If the servers on the DMZ servers have private IP addresses, you need to port forward
the services. See the section called Incoming Access in the chapter entitled Firewall.
Creating port forwarding rules automatically creates associated packet filtering rules to
allow access. However, you can also create custom packet filtering rules if you wish to
restrict access to the services.
You may also want to configure your SnapGear unit to allow access from servers on your
DMZ to servers on your LAN. By default, all network traffic from the DMZ to the LAN is
dropped. See the section called Packet Filtering in the chapter entitled Firewall.
Guest Network
Note
Not available on the SG300, SG530, SG550 or SG PCI appliances.
The intended usage of Guest connections is for connecting to a Guest network, i.e. an
untrusted LAN or wireless networks. Machines connected to the Guest network must
establish a VPN connection to the SnapGear unit in order to access the LAN, DMZ or
Internet.
By default, you can configure the SG's DHCP server to hand out addresses on a Guest
network, and the SG's VPN servers (IPSec, PPTP, etc.) to listen for connections from a
Guest network and establish VPNs. Aside from this, access to any LAN, DMZ or Internet
connections from the Guest network is blocked.
If you want to allow machines on a Guest network direct access to the Internet, LAN or
DMZ without first establishing a VPN connection, add packet filtering rules to allow
access to services on the LAN or Internet as desired. See the Packet Filtering section in
the chapter entitled Firewall for details.
Warning
Caution is advised before allowing machines on a Guest network direct access to your
LAN. This may make it a lot easier for an attacker to compromise internal servers.
75
Network Setup
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
