Virtual Server can serve the purpose of port mapping to a specific server on LAN1 through WAN.
Isn't DMZ just a LAN with a set of strict network policies? So why not dedicate LAN2 as a DMZ and use firewall security policies to enforce your inbound rules?
If you need access to your web server from the Internet, then ITPro is right. Use Virtual Server under firewall settings.
Your Virtual server entry would look something like this:
Uplink: WAN 1
Public IP: 126.96.36.199
Public Port: 55000
LAN IP: 172.16.1.100 (your web server IP)
Local Port: 443 (for HTTPS)
Allowed remote IP: any
Description: Web_service
So if you need to access your Web server from the Internet, the URL needed would be "https://188.8.131.52:55000"
If it is possible to use LAN2 as a DMZ, then set the outbound rule to restrict the traffic from LAN2 to LAN1 to protect it. Virtual server is still set from WAN to LAN. It may be a workaround to realize this on NSG.
Hi all Nebula Users,
DMZ is a feature to create a public zone in your network so that you can put your public servers in that zone for public access. Its typical rule is to allow traffic from WAN & LAN, but disallow traffic from DMZ to LAN.
Although currently you can’t find “DMZ” in the NSG menu, you can still achieve it by combining the customized Outbound rules and Virtual Server settings. The detailed information is as
Demilitarized Zone /
The DeMilitarized Zone (DMZ) provides a way for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death). These public servers can also still be accessed from the
Internet users can have access to host servers on the DMZ but no access to the LAN, unless special filter rules allowing access were configured by the administrator or the user is an authorized remote user.
What should we do on USG?
[ Steps to realize on USG: set up native DMZ ]
How to realize DMZ on NSG?
DMZ is a native feature on USG, and because the firewall rules are set up well by default, there are two steps that need to be configured. Although there is no native feature on NSG, we can dedicate a LAN/VLAN as a DMZ to
[ Steps to realize on NSG: set LAN/VLAN as a DMZ ]
Before Nebula Phase III, we can dedicate a LAN/VLAN as
After Nebula Phase III, we can dedicate a Guest zone as a DMZ.
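
The policy this thread describes (WAN reaches the DMZ only through a Virtual Server entry, LAN1 may reach the DMZ, the DMZ may not open connections into LAN1) can be checked with a small model before it is entered on the gateway. This is an added example, not Zyxel code and not part of any post above; the LAN1 subnet, the default-allow behaviour when no rule matches, and all function names are assumptions.

```python
import ipaddress

# Constructed addressing. LAN1's subnet is an assumption; the DMZ subnet and
# web server follow the Virtual Server entry quoted in the thread.
LAN1 = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("172.16.1.0/24")  # LAN2 dedicated as the DMZ
VIRTUAL_SERVERS = [{"public_port": 55000, "lan_ip": "172.16.1.100", "local_port": 443}]
DENY_DMZ_TO_LAN1 = {"action": "deny", "src": DMZ, "dst": LAN1}


def translate_inbound(public_port, servers=VIRTUAL_SERVERS):
    """WAN traffic is forwarded only when a Virtual Server entry matches."""
    for vs in servers:
        if vs["public_port"] == public_port:
            return vs["lan_ip"], vs["local_port"]
    return None  # no mapping: dropped at the WAN interface


def decide(src, dst, rules, default="allow"):
    """First-match evaluation of outbound rules for a new inter-LAN connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule["src"] and d in rule["dst"]:
            return rule["action"]
    return default  # assumed behaviour when no rule matches


def audit(rules, servers=VIRTUAL_SERVERS):
    """Return findings that break the DMZ policy described in the thread."""
    findings = []
    lan1_host = str(LAN1.network_address + 10)   # constructed probe addresses
    dmz_host = str(DMZ.network_address + 100)
    for vs in servers:
        if ipaddress.ip_address(vs["lan_ip"]) not in DMZ:
            findings.append(f"port {vs['public_port']} forwards outside the DMZ")
        # A published server must not be able to open connections into LAN1.
        if decide(vs["lan_ip"], lan1_host, rules) != "deny":
            findings.append(f"{vs['lan_ip']} can reach LAN1")
    if decide(lan1_host, dmz_host, rules) != "allow":
        findings.append("LAN1 cannot reach the DMZ")
    return findings


if __name__ == "__main__":
    print("with deny rule:   ", audit([DENY_DMZ_TO_LAN1]))
    print("without deny rule:", audit([]))
```

Without the LAN2-to-LAN1 deny rule the audit reports that the published web server can reach LAN1, which is the gap the outbound rule closes.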