[fw-wiz] Webmail Server in DMZ
From: Michael H (af_pilot33_at_hotmail.com)
Date: 05/14/04
To: firewall-wizards@honor.icsalabs.com
Date: Thu, 13 May 2004 16:53:53 -0700
Greetings,
I'm setting up a dmz for the first time and would like to put a front end
web mail server in the dmz to get another layer between my mail server and
the outside world. I'm using the Cisco site
www.cisco.com/warp/public/110/mailserver_dmz.html as my guide, but still
have some questions.
Here is my network:
                     Webmail
                    Frontend
Email               172.x.x.x
Backend                 |     A.B.C.D
10.x.x.x --------------PIX--------------Internet
I need to pass traffic, obviously from the Frontend to the Backend server,
to include https traffic. Here is my guess as to what I need:
static (dmz, outside) A.B.C.D 172.x.x.x netmask 255.255.255.255 0 0
static (inside, dmz) 172.x.x.x 10.x.x.x netmask 255.255.255.255 0 0
access-list dmz_https permit tcp any host A.B.C.D eq https
access-list inside_https permit tcp any host 172.x.x.x eq https
access-group dmz_https in interface outside
access-group inside_https in interface dmz
I would include any additional protocols in the dmz/inside https ACL
necessary, but I'm wondering if my logic is sound. As I said, I'm new to
having a dmz and not a pix guru by any means. Any input on how to do this or
suggestions on better ways of accomplishing my task are greatly appreciated.
regards,
Michael
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards