5.3 Example DMZ Configuration

This section reviews the basic considerations to keep in mind when designing your DMZ and configuring it in App Net Manager.

For example, suppose you have two web servers and a mail server on your corporate network. These servers must be reachable both by machines on the LAN and by machines on the Internet/WAN, so you want them to reside separately from the rest of your corporate network to ensure that outside machines cannot use these servers to launch intrusion attacks against it.

Create a DMZ by setting up a private subnet on your LAN consisting of only these three servers. On your Corente Services Gateway, set up an Ethernet interface that also resides on this private subnet. Register at least one alias for the gateway’s WAN interface that can be used for one of the web servers.

Configure a Default User Group – DMZ on your gateway in App Net Manager that includes the private subnet on which the mail server and web servers reside. For web traffic, register an HTTP application on the Applications tab for each web server, using the web server's private IP address. For mail traffic, register two mail server applications on the Applications tab using the mail server's private address: one application must allow POP traffic, and the other must allow SMTP traffic.

To control access to the DMZ, edit your Firewall Policies and the DMZ to Internet Access and LAN to DMZ Access partners on the Partners tab of the gateway’s Location form.

  • The DMZ to Internet Access partner should have at least three tubes: one for the first web server application via the WAN interface of the gateway, one for the second web server application via the alias address, and one for the SMTP mail server application via the WAN interface of the gateway.

  • The LAN to DMZ Access partner can have a simpler configuration and still maintain security. You can create a tube that allows the entire LAN to access the entire Default User Group – DMZ, with a Firewall Policy that allows all traffic from the LAN to the DMZ but denies all traffic from the DMZ to the LAN. Note that a Firewall Policy defines who is allowed to initiate a connection; all return traffic for an established connection is always allowed.

If you would like a more granular set of permissions, this partner should have as many tubes as needed to access and control the DMZ servers. There should be at least three tubes: one for the first web server application, one for the second web server application, and one for the POP mail server application. You may also want to create a tube that allows the type of traffic needed to maintain and update all the DMZ servers from the LAN, using the Default User Group – DMZ and a Firewall Policy that allows only the type of traffic used to maintain and update the servers.
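The following Python model is an added illustration of the partner and tube layout described in this section; it is not Corente code and does not reflect how App Net Manager stores its configuration. All addresses are constructed, and the maintenance tube (SSH on port 22 from the LAN to any DMZ server) is an assumption, since the section leaves that traffic type open. It shows why tubes only govern who may initiate a connection: a DMZ server cannot open a connection toward the LAN, but its replies on a LAN-initiated flow pass.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing for the scenario above (not from the Corente documentation).
LAN = ip_network("10.0.0.0/24")
DMZ = ip_network("192.168.50.0/24")           # private subnet holding only the three servers
WAN_IF, WAN_ALIAS = "203.0.113.10", "203.0.113.11"   # gateway WAN address and its registered alias
WEB1, WEB2, MAIL = "192.168.50.11", "192.168.50.12", "192.168.50.20"

def zone(ip):
    ip = ip_address(ip)
    return "LAN" if ip in LAN else "DMZ" if ip in DMZ else "INTERNET"

# Tube = (partner, zone allowed to initiate, reachable address(es), port, private server it maps to).
# A tube only says who may initiate; the return leg of an accepted connection is handled by state.
TUBES = [
    ("DMZ to Internet Access", "INTERNET", ip_network(WAN_IF), 80, WEB1),     # web server 1 via WAN interface
    ("DMZ to Internet Access", "INTERNET", ip_network(WAN_ALIAS), 80, WEB2),  # web server 2 via alias
    ("DMZ to Internet Access", "INTERNET", ip_network(WAN_IF), 25, MAIL),     # SMTP via WAN interface
    ("LAN to DMZ Access", "LAN", ip_network(WEB1), 80, WEB1),
    ("LAN to DMZ Access", "LAN", ip_network(WEB2), 80, WEB2),
    ("LAN to DMZ Access", "LAN", ip_network(MAIL), 110, MAIL),                # POP for LAN mail clients
    ("LAN to DMZ Access", "LAN", DMZ, 22, None),   # assumed maintenance tube: SSH from LAN to any DMZ server
]

class Gateway:
    """Stateful model of the partners above: tubes decide initiation, state decides replies."""
    def __init__(self):
        self.flows = set()   # (client, server, server_port) for every accepted connection

    def packet(self, src, dst, sport, dport):
        """True if the packet src:sport -> dst:dport is passed by the gateway."""
        # Return traffic from the server side of an accepted flow is always allowed.
        if (dst, src, sport) in self.flows:
            return True
        for _partner, initiator, reachable, port, server in TUBES:
            if zone(src) == initiator and ip_address(dst) in reachable and dport == port:
                self.flows.add((src, server or dst, port))
                return True
        return False   # no tube permits this initiation, e.g. anything the DMZ starts toward the LAN
```

Private DMZ addresses are never reachable from the Internet in this model; outside clients only see the WAN interface and its alias, and POP is exposed only to the LAN.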