[fw-wiz] Webmail Server in DMZ

From: Michael H (af_pilot33_at_hotmail.com)
Date: 05/14/04

    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 13 May 2004 16:53:53 -0700
    
    

    Greetings,

    I'm setting up a DMZ for the first time and would like to put a front-end
    webmail server in the DMZ to get another layer between my mail server and
    the outside world. I'm using the Cisco site
    www.cisco.com/warp/public/110/mailserver_dmz.html as my guide, but still
    have some questions.

    Here is my network:
                             Webmail
                             Frontend
    Email                    172.x.x.x
    Backend                 |               A.B.C.D
    10.x.x.x --------------PIX--------------Internet

    I need to pass traffic, obviously, from the Frontend to the Backend server,
    to include HTTPS traffic. Here is my guess as to what I need:

    static (dmz, outside) A.B.C.D 172.x.x.x netmask 255.255.255.255 0 0
    static (inside, dmz) 172.x.x.x 10.x.x.x netmask 255.255.255.255 0 0

    access-list dmz_https permit tcp any host A.B.C.D eq https
    access-list inside_https permit tcp any host 172.x.x.x eq https

    access-group dmz_https in interface outside
    access-group inside_https in interface dmz

    I would include any additional protocols necessary in the dmz/inside https
    ACL, but I'm wondering if my logic is sound. As I said, I'm new to
    having a DMZ and not a PIX guru by any means. Any input on how to do this or
    suggestions on better ways of accomplishing my task are greatly appreciated.

    regards,
    Michael

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
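
Added example, not part of the original post: a Python script that reads the six configuration lines from the message and, for each permit entry, lists the interface it is enforced on and the real host its destination maps to, following the PIX `static (real_if, mapped_if) mapped_ip real_ip` ordering. The placeholder addresses are treated as opaque tokens exactly as posted, and the function names are hypothetical.

```python
import re

# Configuration lines as posted in the message; addresses are the poster's placeholders.
CONFIG = """\
static (dmz, outside) A.B.C.D 172.x.x.x netmask 255.255.255.255 0 0
static (inside, dmz) 172.x.x.x 10.x.x.x netmask 255.255.255.255 0 0
access-list dmz_https permit tcp any host A.B.C.D eq https
access-list inside_https permit tcp any host 172.x.x.x eq https
access-group dmz_https in interface outside
access-group inside_https in interface dmz
"""

STATIC = re.compile(r"static \((\w+),\s*(\w+)\) (\S+) (\S+)")
ACE = re.compile(r"access-list (\S+) permit (\w+) (any|host \S+) host (\S+) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\w+)")

def effective_flows(config):
    """Return one dict per permit entry: where it is enforced and what it reaches."""
    statics, aces, bound = {}, [], {}
    for line in config.splitlines():
        if m := STATIC.match(line):
            real_if, mapped_if, mapped_ip, real_ip = m.groups()
            # Keyed by the interface the mapped address is visible on.
            statics[(mapped_if, mapped_ip)] = (real_if, real_ip)
        elif m := ACE.match(line):
            aces.append(m.groups())
        elif m := GROUP.match(line):
            bound[m.group(1)] = m.group(2)
    flows = []
    for name, proto, src, dst, port in aces:
        ingress = bound.get(name)              # None: defined but never applied
        reaches = statics.get((ingress, dst))  # None: no static for that address
        flows.append({"acl": name, "ingress": ingress, "source": src, "dest": dst,
                      "port": f"{proto}/{port}", "reaches": reaches})
    return flows

def review_notes(flows):
    """Points to confirm by hand; these are review prompts, not verdicts."""
    notes = []
    for f in flows:
        if f["ingress"] is None:
            notes.append(f"{f['acl']}: not bound to any interface")
        elif f["reaches"] is None:
            notes.append(f"{f['acl']}: no static maps {f['dest']} on {f['ingress']}")
        elif f["source"] == "any" and f["ingress"] != "outside":
            notes.append(f"{f['acl']}: any {f['ingress']} host -> {f['reaches'][1]} {f['port']}")
    return notes

if __name__ == "__main__":
    print(*effective_flows(CONFIG), *review_notes(effective_flows(CONFIG)), sep="\n")
```

The single note it produces for the posted lines reflects the `any` source in the ACL applied to the dmz interface, which admits every DMZ host to the backend's mapped address on HTTPS rather than only the webmail front end.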

