Hello everyone
I want to set up a DMZ on a physical interface of my UTM.
Therefore I configured a /24 IP range on that interface. The port is connected to a top-of-rack switch where the port has a port-based VLAN.
This VLAN is tagged to the trunk-interfaces so it can be deployed on ports elsewhere (e.g. in the second datacenter).
See attached graphic.
I just want to check some basics:
First of all I was able to ping the UTM-DMZ address from a client network, even though no firewall rule was defined yet to allow traffic from LAN to DMZ.
Why?
Second:
I wouldn't need a gateway or static route right? All DMZ-servers would have an address in the DMZ-interface-network and everything would work w/o any internal routing right? (So traffic for 10.1.0.x would always leave via the DMZ-interface)
All very basic stuff but today I wasn't able to ping the ASG interface from a client on the VLAN 2 on the core switch (but maybe a core-switch issue I guess :()
Best regards
I want to set up a DMZ on a physical interface of my UTM.
Therefore I configured a /24 IP range on that interface. The port is connected to a top-of-rack switch where the port has a port-based VLAN.
This VLAN is tagged to the trunk-interfaces so it can be deployed on ports elsewhere (e.g. in the second datacenter).
See attached graphic.
I just want to check some basics:
First of all I was able to ping the UTM-DMZ address from a client network, even though no firewall rule was defined yet to allow traffic from LAN to DMZ.
Why?
Second:
I wouldn't need a gateway or static route right? All DMZ-servers would have an address in the DMZ-interface-network and everything would work w/o any internal routing right? (So traffic for 10.1.0.x would always leave via the DMZ-interface)
All very basic stuff but today I wasn't able to ping the ASG interface from a client on the VLAN 2 on the core switch (but maybe a core-switch issue I guess :()
Best regards