dmz tunneled over WAN

carl_townshend · ‎02-10-2009

Hi all, if I have a firewall on my central site, but want to host the DMZ on another site, would it be possible to get this across a wan link etc? would the only option be to bridge?

cheers

Carl

ccannon88567 · ‎02-10-2009

If you did it this way you would be best with a LES link to a DMZ switch on the other site. It would be bridged, but you would need your Gateway out to the internet or the untrusted Network on the Remote site also.

carl_townshend · ‎02-10-2009

Are there any other options than this ?

ccannon88567 · ‎02-10-2009

Carl,

You could actually do this with the Gateway on the same site as the firewall. On the outside interface of the firewall you could have a switch and then bridge to another switch on the remote site. Total of 2 switches in the DMZ.

If it's not possible to bridge between sites then you would need routed links and you would just have to NAT to remote site.

I am presuming you have servers on remote site which you cannot move to your firewall DMZ?

ccannon88567 · ‎02-10-2009

A quick diagram of how I would do it, we do this a lot in our organistion.