CIS425 Firewall HW#4
You are tasked with implementing a rule set for two firewalls protecting your network in a DMZ configuration. Internal computers are running Windows operating systems. In the following table create a rule set to implement the following requirements. NAT occurs just inside the perimeter firewall.
DMZ Servers
Purpose
Private IP
Public IP
Web proxy
192.168.10.10
150.150.150.10
FTP Proxy
192.168.10.11
150.150.150.11
DNS
192.168.10.20
150.150.150.20
Web server - public
192.168.10.30
150.150.150.30
Web server - corporate only
192.168.10.40
150.150.150.40
Email
192.168.10.50
150.150.150.50
Internal network servers
Purpose
Private IP
Microsoft SQL Server Database
10.50.50.100
Requirements
Workstations
• User workstations are on the two subnets 10.10.10.0/24 and 10.20.20.0/24
• User workstations can access web servers on the Internet (http and https) but only via a proxy server which resides in the DMZ
• User workstations can access ftp servers on the Internet but only via an FTP proxy server which resides in the DMZ
• User workstations can access the DNS server which resides in the DMZ
DMZ Servers
• Web proxy may access web servers on the internet
• FTP proxy may access FTP servers on the internet
• DNS server will accept incoming requests from both internal workstations and from the Internet.
• DNS server will accept zone transfer requests from other name servers on the internet
• The public web server will accept requests from the internet only via HTTP
• The corporate web server will accept requests from the internet only via HTTPS
• The corporate web server will make connections to the internal Microsoft SQL Server database on its default port.
• The email server will accept SMTP requests from the internal network and the Internet. It will also make SMTP requests to other email servers on the Internet.
Internal Server
• The internal Microsoft SQL Server database server will accept incoming connections from the corporate web server in the DMZ