FortiGate Firewall HOW-TO - DMZ

In the following slides we will show you how to create a #DMZ using the #FortiGate
#Firewall. See next chapters on #FortiGate configuration. Stay with us!

Published in: Technology
1 Comment
  • Thanks for sharing ! Interesting :-)
FortiGate Firewall HOW-TO - DMZ

  1. FORTIGATE FIREWALL HOW TO DMZ www.ipmax.it
  2. INTRODUCTION Almost every network needs to expose some systems to the public Internet. These systems should be reachable from the outside and, at the same time, be protected against external attacks. This kind of configuration is obtained through the use of DMZs, which allow access only to explicitly allowed services and hide the real server IP address. In the following slides we will show you how to create a DMZ using the FortiGate Firewall. In our configuration, we will use a single IP address (Internet side) and only the http/https service will be permitted. Keep in mind that you need a static IP address on the Internet facing interface in order to implement a DMZ that is always reachable from the outside!
  3. CONFIGURING A DMZ To configure a DMZ you should configure an interface to be connected to your DMZ network. Go to System > Network > Interfaces and choose the DMZ facing interface. Only a static IP address should be configured; the remaining part of the configuration will be implemented elsewhere. A DMZ on the FortiGate firewall uses the concept of virtual IP addresses. These objects are a static NAT association between the public IP address and the internal server. Go to Firewall Objects > Virtual IPs > Virtual IPs and create your first Virtual IP (we will need two objects, one for the http service and the other for https).
  4. CONFIGURING A DMZ - CONTINUED In the configuration menu give a Name to the virtual IP object and select the Internet facing interface (External Interface). Two more settings will be needed; this is where the static NAT happens. In our example we have the Internet facing interface with an IP address of 172.29.130.86 and a web server with a private IP address of 192.168.254.2. By checking the Port Forwarding box, we can map the TCP port for the internal service to the TCP port we will expose to the Internet. The same configuration will be needed for the https service: create a new virtual IP object for the new mapping using port 443 instead of 80.
  5. CONFIGURING LOGGING – CONTINUED Now we have to configure a new rule to allow traffic from the outside going to the DMZ. This time the communication session will go from the outside to the inside, so a reverse rule will be needed. Follow the example on the right to configure the policy for the DMZ. As you can see, the incoming interface is the Internet facing one and the source address is “all” (anyone can connect to our server). The destination address is the Virtual IP object we have just configured for http, and the service allowed is the same. Add the https Virtual IP object and the https service to this rule (using the green plus buttons) in order to allow https as well.
  6. MORE NEEDS? See hints on www.ipmax.it or email us your questions at info_ipmax@ipmax.it
  7. IPMAX IPMAX is a Fortinet Partner in Italy. IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, and in design, installation, commissioning and operation. IPMAX srl Via Ponchielli, 4 20063 Cernusco sul Naviglio (MI) – Italy +39 02 9290 9171
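
The GUI steps from slides 3 to 5, written as the equivalent FortiOS CLI configuration. This is an added example, not part of the original slides: the interface names `wan1` and `dmz` and the object names `dmz-web-http` and `dmz-web-https` are assumptions, the addresses are the ones given in slide 4, and the `#` lines are annotations for the reader.

```fortios
# Virtual IP for http: static NAT with port forwarding from the public
# address (slide 4) to the web server in the DMZ.
# "wan1" is an assumed name for the Internet facing interface.
config firewall vip
    edit "dmz-web-http"
        set extintf "wan1"
        set extip 172.29.130.86
        set mappedip 192.168.254.2
        set portforward enable
        set protocol tcp
        set extport 80
        set mappedport 80
    next
    # Second Virtual IP object for https, using port 443 instead of 80.
    edit "dmz-web-https"
        set extintf "wan1"
        set extip 172.29.130.86
        set mappedip 192.168.254.2
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# Inbound policy (slide 5): Internet facing interface to the DMZ interface.
# The destination is limited to the two Virtual IP objects and the services
# to HTTP and HTTPS, so nothing else in the DMZ is reachable from outside.
# "dmz" is an assumed name for the DMZ facing interface.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "dmz-web-http" "dmz-web-https"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        # Log accepted sessions so access to the published server is recorded.
        set logtraffic all
    next
end
```

Because the destination of the policy is the pair of Virtual IP objects rather than `all`, the rule exposes only the two forwarded ports on 192.168.254.2 and no other host in the DMZ.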