setting up a DMZ

djy

djy

New Member
would configuring a VLAN on a switch count as a DMZ or would it only be from the router?
 
No, these are two separate entities/subjects. Both can be configured through a router. You can have a fully secured VLAN or you can open up a DMZ to a specific computer on that VLAN. One does not equal the other, but they can be used in conjunction with each other.

What are you trying to accomplish in particular?
 
Zatharus said:
No, these are two separate entities/subjects. Both can be configured through a router. You can have a fully secured VLAN or you can open up a DMZ to a specific computer on that VLAN. One does not equal the other, but they can be used in conjunction with each other.

What are you trying to accomplish in particular?
Click to expand...

its just for a college project
i have 3 buildings i will connect by VPN the main office will hold the web server hosting the intranet.

i need to make up scenarios and pick the best option the router im using has 3 10/100 interfaces so the scenarios i will be using will be.

firewall>router>switch x2>devices

firewall>router> web server(DMZ)> switch split into 4 VLANS>devices

firewall>router> switch split into 5 VLANS with the webserver on its own VLAN>devises

i was wondering if scenario c would count as a DMZ but as you have said it wont.

i will be using scenarioo b :good:

thanks for your help
 
Which server? Assuming you mean "Server 1" coming off router, you could enable that device's IP as a DMZ from the router, yes.

What I'm wondering about, however, is why you have your "Firewall" server off on its own? It isn't protecting anything except maybe itself.
 
all incoming connections will pass through the firewall before accessing the router

would that not work?

i based it on this
Firewall-A2.gif
 
Ah, OK. That makes sense then, yes. It was not clear where your internet feed was connecting. I normally think of it coming into the router first, but a server/firewall then router will work just fine.

Just curious: With your VLAN setup, is the intent to have all of the computers/offices on their own network?
 
yes its to split up the rooms onto there own network its not necessery but its for a college project so the more technologies we incorporate into the network the higher the mark i will receive.

thanks very much for the advice :good:
 
You must log in or register to reply here.
Back
Top