03-23-2015 10:03 AM
We have an interface on our controller connected into a dmz, and the Guest role simply uses a Route to ESI policy to redirect ANY traffic to our internet gateway in the dmz. As this pushes ANY traffic towards the dmz, do we need any DENY rules, as I would assume that ANY and all traffic would simply be getting pushed towards the dmz, so in a way, would be completely isolated from our internal lan.
This role simply consists of allow dhcp and dns (served by a server in the dmz), then route any traffic towards an interface in the dmz, so I would assume this would then also act to protect anything not in the dmz... is this correct?
03-23-2015 11:35 AM
Does the role have any policy to redirect the traffic to the DMZ? If yes, then you have enough policies to work.
In these types of scenarios we need to have a "logon-control" role which will allow only DHCP, DNS, ICMP and NATT traffic, along with a policy which will redirect the rest of the traffic to the DMZ.
Hope you got some clarity on this.
Please feel free to ask any further queries on this.
[Did my post help you? Give Kudos :) ]
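Added example, not part of the thread and not the vendor's code: a small Python model of the Guest role's ordered rules, assuming first-match evaluation and an implicit deny, that shows which sample flows the route-to-DMZ rule catches. The addresses, rule layout and action names are constructed for illustration; "permit" here means the flow is forwarded normally instead of being sent to the DMZ interface.

```python
from ipaddress import ip_address, ip_network

def rule(dst, proto, port, action):
    """One role entry: destination network, protocol, port (None = any), action."""
    return {"dst": ip_network(dst), "proto": proto, "port": port, "action": action}

def evaluate(role, dst, proto, port):
    """Return the action of the first rule that matches the flow (assumed first match wins)."""
    for r in role:
        if (ip_address(dst) in r["dst"]
                and r["proto"] in (proto, "any")
                and r["port"] in (port, None)):
            return r["action"]
    return "deny"  # assumed implicit deny when no rule matches

ANY = "0.0.0.0/0"
DMZ_DNS = "192.0.2.53/32"  # constructed address for the DNS server in the DMZ

# Role as described in the question: allow dhcp, allow dns, then route everything else.
ROLE_ANY_DST = [
    rule(ANY, "udp", 67, "permit"),
    rule(ANY, "udp", 53, "permit"),          # DNS allowed to any destination
    rule(ANY, "any", None, "route-to-dmz"),
]

# Same role with the DNS allow rule scoped to the DMZ server only.
ROLE_SCOPED = [
    rule(ANY, "udp", 67, "permit"),
    rule(DMZ_DNS, "udp", 53, "permit"),
    rule(ANY, "any", None, "route-to-dmz"),
]

# Constructed sample flows: (destination, protocol, port)
FLOWS = {
    "dhcp": ("255.255.255.255", "udp", 67),
    "dns_dmz_server": ("192.0.2.53", "udp", 53),
    "dns_internal_host": ("10.0.0.10", "udp", 53),
    "http_internal_host": ("10.0.0.20", "tcp", 80),
    "http_internet": ("198.51.100.7", "tcp", 80),
}

def audit(role):
    """Map each sample flow to the action the role applies to it."""
    return {name: evaluate(role, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, role in (("any-destination DNS", ROLE_ANY_DST), ("scoped DNS", ROLE_SCOPED)):
        print(label, audit(role))
```

In this model, a DNS allow rule with an any destination matches before the redirect, so a DNS flow to an internal address is permitted. Scoping that rule to the DMZ server's address sends the flow to the DMZ with everything else.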