Forum Discussion
Dustin_132959
Nimbostratus
NimbostratusLTM - DMZ Routing
We have 2 VLANs setup for a specific partition on our LTM. One is for their production servers, the other is intended to act as a DMZ as there is a particular server that needs a lot of ports opened to it from the Internet. To reduce the security risk of opening so many ports to the production network, another VLAN was created for this server to sit on. However, this server still needs to access select devices on their production network, but only using 1 port. How can I allow communication from the server in the DMZ to specific devices on their production network? Is setting up Layer 4 virtual servers the only to acheive this without completely opening the communication between the two VLANs? Is there a way that I can allow communication between the 2 networks, but restrict what devices it has access to without creating a virtual server for every device this server needs to communicate with on the production network?
Any assistance is appreciated.
Thank you.
nitassEmployee
How can I allow communication from the server in the DMZ to specific devices on their production network?
just wondering if host virtual server (i.e. server in production network) with specific source setting (i.e. dmz server) is usable.
Dustin_132959Thank you for your reply. What would the wildcard server point to, the entire subnet on the DMZ?
What_Lies_Bene1Cirrostratus
You could create a wildcard virtual server, enable it only on the DMZ VLAN and apply an access list as necessary?