  1. #1
    Untangler
    Join Date
    Sep 2007
    Posts
    31

    Network layout and DMZ gateway questions

    I am about to redo my school's existing network and switch over to an Untangle appliance for our main firewall. A crude map of what we are going to is as follows. Physically it will be slightly different, because all of this will be done with VLANs until it gets back to the Untangle, where it will be untagged VLAN switch ports connecting to the appropriate network adapters.

    router > netenforcer(QOS device, layer 2 bridge as well) > untangle >

    Lan(nat)> all lan machines and Active directory server/file servers (about 200 client machines in all)

    DMZ(bridge to external)> all public web servers (about 40 physical and virtual servers in all)

    student labs(nat)> all student machines (about 500 lab machines in all)


    My first question is, does this look like a good way to set up my campus? And the second is, for the servers inside the DMZ, should I have the gateway set as the public IP address of the Untangle, or should I have the gateway set as the upstream ISP router?


    Also, on a side note, I have about 6 satellite campuses that are already on Untangle appliances, and I plan on using OpenVPN to connect these back to this main firewall. I have already set up the other campuses to use a slightly different subnet for each one, and it seemed to work fine in my test environment, but I wanted to check with some other professionals before I go live with this.


    Any critiques are very much appreciated. Thanks!

  2. #2
    Untangler
    Join Date
    Sep 2007
    Posts
    31


    Will somebody help me with at least the gateway IP question for public-facing servers inside the DMZ?

    Thanks!

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747


    Yep, looks fine.

    Yes, DMZ servers are bridged by default, so they should use the router as the gateway (either will work technically).

    Yes, as long as the subnets are separate, OpenVPN should be fine.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untangler
    Join Date
    Sep 2007
    Posts
    31


    Thanks for the reply! I will use the Untangle public IP as my DMZ server gateway for easy routing between servers and other internal networks. My ISP owns the upstream router, and every time I want to add any route statements or anything, it's like pulling teeth. You guys rule.
