Fortigate Firewall - DMZ vs Interface ports

networking security firewall dmz fortinet
20,663

A DMZ is just a network design term that means that the network is firewalled in a way that it can not initiate traffic into a protected network. There isn't anything special about the port or that network for that matter. Although a port that's marked as DMZ from the firewall's software point of view may have different default firewall rule applied to it.

I don't know about the 50b but with the 60b you can unbridge all the internal ports and run different networks on each port. The firewall rules and all the other features of the FortiGate work fine between these networks. I used this approach to have multiple DMZs using a FortiGate 60b a couple years back. So I don't see any reason that this wouldn't work.

Share:
20,663

Related videos on Youtube

Amit Jain
Author by

Amit Jain

Updated on September 18, 2022

Comments

  • Amit Jain
    Amit Jain over 1 year

    I'm considering buying a Fortigate 50b (or Fortigate 60b) firewall to separate my web (iis) machine from the DB machine. (See http://www.fortinet.com/doc/FGT50_100DS.pdf)

    Till now the two servers were connected directly via a cross cable using the 2nd network card.

    The 50b model doesn't have a DMZ port.

    What does that mean? what is the difference between a firewall DMZ port to a interface port ? Is it not possible to create rules (block/allow port based traffic) on a interface port?

    P.S: I know that in general i should put any server connected to the wan(internet) on a DMZ port , but on our current firewall(Fortigate 200a) , any interface port can be used as dmz port..

    Thanks.

  • 3dinfluence
    3dinfluence about 12 years
    It's more of a marketing thing than anything else I would imagine. I can't possibly know all firewalls out there so maybe there are some that the distinction is important. But if the product has a flexible design it would really only be important if you can't, or don't want to, use VLANs to turn the ports available into the networks that you need. Or can't unbridge the internal ports to get the networks you need. It's also possible that you can't bridge the designated DMZ port with other ports so you won't be able to use it as an internal network port depending on how flexible it is.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Fortigate 40c Firewall Configuration
Should I dual home our webservers (DMZ/Internal network) or just do 1-to-1 NAT?
How to disable internet for a user on a system
How to set up an Ubuntu 10.04 machine to accept ssh requests only from within the local network?
How do I allow multiple ports simultaneously in UFW?
What are ICMP redirects and should they be blocked?
UDP packet and firewall
How to quickly Enable/Disable Internet Traffic so that it ONLY goes to ONE program?
iptables couldn't load target allow
How to block everything (all incoming and outgoing internet access) except those applications are in firewall white-list?