Hi, hope someone can help me with a sophisticated multi-DMZ configuration. I'm trying to implement firewall separation for my subnetted valid IP range. Please take a look at the simple sketch of the simplified design I have attached:
1- the default gw interface is the WAN interface, all outbound traffic goes through it
2- I need to SNAT/masquerade the LAN (or LANs) to one of the valid IPs in the range of the DMZs (or DMZ interface addresses)
3- DMZ ranges have valid IPs, and outbound traffic must go to the WAN with no NATting
4- how can I block multiple DMZ networks from accessing each other (firewall rules) so that they only have access to the internet through the WAN?
I would be thankful for some suggestions.
[currently trying Sophos UTM essential firewall, will be replaced by hardware Sophos appliance]