Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
8911
Views
0
Helpful
0
Comments

How to configure the demilitarized zone (DMZ) interface in the ASA 5500 Series Firewalls

TCC_2
Level 10
Level 10

‎06-17-2009 10:08 PM - edited ‎03-08-2019 06:00 PM

DMZ:


A DeMilitarized Zone (DMZ) is a part of a network separated from other systems by a Firewall which allows only certain types of network traffic to enter or leave. A DMZ or perimeter network is a network area (a subnetwork) that sits between an organisation's internal network and an external network, usually the Internet. For example, Public web servers might be placed in such a DMZ. With the DMZ approach, large companies with complex e-commerce Internet and extranet applications may have a two-tiered approach to firewall security.


Core issue

A DMZ network enables Internet users to access the public servers of a company, which includes web servers and FTP servers.

The DMZ network maintains the security for a company's private LAN.

Resolution

The configuration of the DMZ in the device can be broadly divided into these three parts:

  • Interface Security Level Traffic is allowed from a higher security interface to a lower security interface by default. But, the reverse case is blocked.

    Each interface has a unique name and security level that you can change using the nameif command. By default, Ethernet0 is named outside and assigned the level security 0. Ethernet1 is named inside with the level security 100.The default security level of perimeter interfaces starts at security 10 for Ethernet2 (DMZ interface). You can choose any unique security level between 1 and 99 for a perimeter interface.

    For more information on interface name and security level, refer to the Changing Interface Names or Security Levels section of Establishing Connectivity.

  • Translation Rules Translation rules can be dynamic nat, global, or static.

  • Traffic Permission Rules Traffic Permission rules are access-list and access-group rules applied in the configuration of the firewall to permit the traffic to go through the interface.

For more information on the DMZ configuration, refer to DMZ Configuration in ASA using ASDM and Mail Server Access on the DMZ Configuration Example.


Client Location on Network with PIX

DMZ

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents