

Topics - Abby

Hello people

I've installed Zentyal Community Edition 3.2 as a transparent proxy, inline with a bridged interface between my Firewall and my core switch, like this:

Internet -> FW (192.168.1.10) -> Zentyal (192.168.1.5 on br1) -> Core Switch (192.168.1.1) -> internal VLANs 192.168.x.x

and so far, so good! It is all working and I can monitor HTTP traffic :)

My Zentyal box has TWO NICs, that are bridged together.
Also, we have a DMZ and a site-to-site tunnel to a remote location coming off our firewall.

Now, I need to add application control to block peer-to-peer traffic, but to do that, Zentyal tells me I must enable one interface as EXTERNAL.

When I do this, Zentyal blocks ALL inbound traffic on whichever interface I select as external, meaning either (1) we cannot access our DMZ or the remote site or (2) they cannot access us!

I've looked in the firewall settings, and there is NO option to allow EXTERNAL traffic to INTERNAL subnets, despite some forum posts referring to this option. Where has it gone?

I'm thinking that if I can open up external access from our DMZ and site-to-site tunnel ONLY, then I can still enable the EXTERNAL interface and have my application control :)

Please advise :)

Thank you
