11-22-2013 03:12 AM - edited 03-11-2019 08:08 PM
Hi
Does the ASA5500x series support DMZ configuration?
Thanks & Regards
Lakshman Kumar S
11-22-2013 03:17 AM
Hi,
I am not sure I understand the question.
You are able to configure interfaces/subinterfaces for network segments that you want to isolate on the firewall from all your other LAN networks. As long as the DMZ network is behind its own interface/subinterface on the ASA then you can naturally limit connectivity as you wish on the interface ACL.
- Jouni
11-22-2013 03:23 AM
I just want to create a DMZ port, since it doesn't have a dedicated port. Is it possible?
11-22-2013 03:29 AM
Hi,
All interfaces except for the Management port are the same. It's how you configure the interfaces and their rules that defines what the port's role is.
For example, if you were to configure a setup where you have
Then you might configure the ASA so that hosts behind the LAN interface are allowed to connect anywhere. The DMZ interface might be configured to block almost all traffic towards the LAN networks. On the ISP/WAN interface you would probably allow certain services to servers on the DMZ while blocking all other traffic.
But as I said, the ASA doesn't have any specific port that you would use as the DMZ port. You can use any port (not the Management) and create configurations and rules for it so it's that which is required of a DMZ.
Hope this helps
- Jouni