I have a server which is located inside interface a two layer firewalled intranet of a large corporate network. I would like to make this server accessible from Internet. What would be the best practice on providing public access to a intranet server? using another interface on server which is connected to a DMZ or by NAT directly its local address to a public address?
Any help or suggestions would be much appreciated. Thanks,
Your intention is to allow outsider to access your internal server in a double layer firewall setup.
Talking about best practice, for security reason, you should relocate the server out from your internal network and put it into DMZ. From here, mapped the server DMZ IP to a public IP to allow internet users coming into the server via permitted services. If this server need to communicate with other internal servers, use ACL to open and control access/service type.
Allowing outsider to directly access your internal server, especially for large corporate network is a bit risky as should any of the internet user (or hacker) managed to find way to hack into that server, he/she has a better oppportunity to do more damage to your network/system.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...