Throughout the article we will use the network parameters shown in the network diagram given below. Outbound traffic from LAN and DMZ is allowed while inbound traffic is restricted. The Web Server is hosted in the DMZ.
| Network components | External IP address (Public) | IP address (Internal) |
|---|---|---|
| Web server | 1.1.1.1 | 192.168.1.2 (Mapped) |
For virtual hosts:
External IP: IP address through which Internet users access the internal server.
Mapped IP: IP address bound to the internal server.
Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).
Step 1: Create Virtual Host for Web server
Go to Firewall > Virtual Host > Virtual Host and click Add to add virtual host for Web Server with the parameters as specified in the table below.
| Parameters | Value | Description |
|---|---|---|
| Basic Settings | | |
| Name | WebServer | |
| IP Family | IPv4 | Select the IP Family. Available options: IPv4, IPv6. |
| External IP | 1.1.1.1 | Specify the external/public IP address on which the Host will be accessed. |
| Mapped IP | 192.168.1.2 | Specify the internal/private IP address of the Web Server. |
| Physical Zone | DMZ | Specify the zone in which the host resides. |
| Port Forwarding | | |
| Enable Port Forwarding | Enabled | Click to enable the service of port forwarding. |
| Protocol | TCP | Select the protocol, TCP or UDP, that you want the forwarded packets to use. |
| External Port Type | Port | Select the type of external port. Available options: Port, Port Range, Port List. |
| External Port | 80 | Specify the public port number for which you want to configure port forwarding. |
| Mapped Port Type | Port | Select the type of mapped port. Available options: Port, Port Range, Port List. |
| Mapped Port | 80 | Specify the mapped port number on the destination network to which the public port number is mapped. |
Click OK and the Virtual Host for Web_Server will be added successfully.
On clicking OK, the Add Firewall Rules For Virtual Host screen appears which allows you to create firewall rules to allow access to Web_Server from other zones such as WAN zone.
Enable Add Firewall Rule(s) For Virtual Host and set rule parameters as desired.
Click Add Rule(s) to add the firewall rule.
Note:
- In the given example, Virtual Host configuration for Web Server is shown. Virtual Host for other servers like Mail Server, FTP Server or Database Server can be created similarly.
- While adding the Firewall Rule for the Virtual Host, it is recommended to allow only the required services corresponding to the Server for security of the hosted server.
Step 3: Verify Firewall Rule(s)
To verify the Firewall Rules, go to Firewall > Rule > IPv4 Rule. Click to expand the DMZ – DMZ, DMZ – WAN and WAN – DMZ firewall rules. As shown in the image, three firewall rules are created for the virtual host of Web Server:
1. Auto: Allows traffic from WAN to Server.
2. Reflexive: Ensures that traffic from Server to WAN is NATted.
3. Loopback: Allows access to server from the same zone, LAN or DMZ, in which Server is placed.
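The effect of the three rules on packet addressing, as an added Python model that is not Cyberoam code and not part of the original article. It assumes a 192.168.1.0/24 DMZ subnet and that the reflexive rule rewrites the source to the external IP; the client addresses are constructed and all class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Addresses and port mapping taken from the article's tables.
EXTERNAL_IP, MAPPED_IP = "1.1.1.1", "192.168.1.2"
FORWARD = {("TCP", 80): 80}              # (protocol, external port) -> mapped port
DMZ_NET = ip_network("192.168.1.0/24")   # assumption: DMZ subnet is not given on the page

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

def zone(ip):
    """Classify an address as DMZ or WAN (simplified two-zone model)."""
    return "DMZ" if ip_address(ip) in DMZ_NET else "WAN"

def apply_virtual_host(pkt):
    """Return (rule_name, translated_packet), or (None, None) if no rule matches."""
    if pkt.dst == EXTERNAL_IP:
        mapped_port = FORWARD.get((pkt.proto, pkt.dport))
        if mapped_port is None:
            return None, None            # port not forwarded: never reaches the server
        # Same translation for both rules; only the source zone differs.
        rule = "Loopback" if zone(pkt.src) == "DMZ" else "Auto"
        return rule, Packet(pkt.src, MAPPED_IP, pkt.proto, mapped_port)
    if pkt.src == MAPPED_IP and zone(pkt.dst) == "WAN":
        # Assumption: server-initiated traffic leaves with the external IP as source.
        return "Reflexive", Packet(EXTERNAL_IP, pkt.dst, pkt.proto, pkt.dport)
    return None, None

def demo():
    samples = [                          # constructed sample packets
        Packet("203.0.113.10", EXTERNAL_IP, "TCP", 80),   # Internet client, HTTP
        Packet("203.0.113.10", EXTERNAL_IP, "TCP", 22),   # Internet client, SSH
        Packet("192.168.1.50", EXTERNAL_IP, "TCP", 80),   # DMZ host via public IP
        Packet(MAPPED_IP, "198.51.100.7", "TCP", 443),    # server going outbound
    ]
    return [(p, *apply_virtual_host(p)) for p in samples]

if __name__ == "__main__":
    for pkt, rule, out in demo():
        print(f"{rule or 'no match':9} {pkt} -> {out}")
```

The second sample matches no rule because only TCP port 80 is forwarded, which is the behaviour the note about allowing only required services aims for.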