DMZ-out-DMZ help!

iirvine — Tue, 12 Mar 2019 01:16:15 GMT

I have a server in our DMZ which monitors one of my https site which is also in the DMZ

Monitioring system in the DMZ 10.100.100.10 (nat-ed IP address say = 11.11.21.10)

HTTPS ip address in DMZ 10.100.100.20 (nat-ed IP address say = 11.11.21.20)

What im trying to do is monitor the external ip address of the https web site e.g.

DMZ --> Out "then back in" Out--> DMZ

Is it possible to do this or is it not possible to go out from the DMZ to the external interface and for it to come back in to the DMZ?

DMZ-out-DMZ help!

Jouni Forss — Tue, 19 Mar 2013 12:04:48 GMT

Hi,

Generally it would be simpler just to monitor the server using the local IP address since the monitoring host is in the same local network.

If you want to specifically monitor the public/NAT IP address that is used towards some other interface than "DMZ" then you will have to play around with NAT which I personally dont like myself.

You would probably need to do a NAT that has the DMZ as both the source and destination interface. Possibly also a Dynamic NAT and a "same-security-traffic permit intra-interface"

What software are you using on the firewall?

And what is you current NAT configuration?

- Jouni

topic DMZ-out-DMZ help! in Network Security

DMZ-out-DMZ help!

DMZ-out-DMZ help!