Cisco IPS 4520 Sensor White Paper

Firewall
August 2012 Series
Next, you will add a network object for the private DMZ address of the web server.

Step 7:  Click Add > Network Object.

Step 8:  On the Add Network Object dialog box, in the Name box, enter a description for the web server’s private DMZ IP address. (Example: dmz-webserver-ISPa)

Step 9:  In the Type list, select Host.

Step 10:  In the IP Address box, enter the web server’s private DMZ IP address. (Example: 192.168.16.100)

Step 11:  Click the two down arrows. The NAT pane expands.

Step 12:  Select Add Automatic Address Translation Rules.

Step 13:  In the Translated Addr list, select the network object created in Step 2. (Example: outside-webserver-ISPa)

Step 14:  Click Advanced.

Step 15:  In the Advanced NAT Settings dialog box, in the Destination Interface list, select the interface name for the primary Internet connection, and then click OK. (Example: outside-16)

Step 16:  In the Add Network Object dialog box, click OK.

Step 17:  On the Network Objects/Groups pane, click Apply.

Step 18:  If you are using the Dual ISP design with a resilient Internet connection, repeat this procedure for the secondary Internet connection. If you are using the Single ISP design, proceed to Procedure 4.
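
After Step 17, the resulting translation can be checked against the design by reading the applied configuration back from the appliance. The script below is an added example, not part of the original guide: it parses a constructed running-config excerpt and reports any deviation from the values used in Steps 8 to 15. It assumes the CLI form of the object NAT rule, a real interface of `any` (the procedure sets only the destination interface), and the placeholder public address 203.0.113.10, since this page does not give the address behind outside-webserver-ISPa; the function names are hypothetical.

```python
import re

# Constructed sample, laid out the way the ASA lists object definitions and
# object NAT rules in separate sections. 203.0.113.10 is a placeholder and
# the real interface "any" is an assumption; neither value is on the page.
SAMPLE_CONFIG = """\
object network outside-webserver-ISPa
 host 203.0.113.10
object network dmz-webserver-ISPa
 host 192.168.16.100
object network dmz-webserver-ISPa
 nat (any,outside-16) static outside-webserver-ISPa
"""

NAT_RE = re.compile(r"nat \((\S+?),(\S+?)\) static (\S+)")

def parse_objects(config):
    """Return {name: {"host": ip, "nat": (real_if, mapped_if, mapped_obj)}}."""
    objects, current = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            # setdefault merges the definition block and the later NAT block
            current = objects.setdefault(line.split()[2], {})
        elif line.startswith(" ") and current is not None:
            body = line.strip()
            if body.startswith("host "):
                current["host"] = body.split()[1]
            elif (m := NAT_RE.match(body)):
                current["nat"] = m.groups()
        else:
            current = None  # left the object block
    return objects

def check_static_nat(config, real_obj, real_ip, mapped_obj, mapped_if):
    """List deviations between the config and the intended translation."""
    objs = parse_objects(config)
    obj = objs.get(real_obj, {})
    _, egress, mapped = obj.get("nat", (None, None, None))
    checks = [
        (obj.get("host") == real_ip, f"{real_obj} host is not {real_ip}"),
        (egress == mapped_if, f"NAT destination interface is not {mapped_if}"),
        (mapped == mapped_obj, f"NAT does not translate to {mapped_obj}"),
        (mapped_obj in objs, f"object {mapped_obj} is not defined"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(check_static_nat(SAMPLE_CONFIG, "dmz-webserver-ISPa", "192.168.16.100",
                           "outside-webserver-ISPa", "outside-16") or "OK")
```

For the Dual ISP design in Step 18, run the same check again with the secondary connection's object and interface names.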

Procedure 4  Configure security policy

The web DMZ offers HTTP and HTTPS service for the Internet. This could provide capabilities to support employee/partner web-portal access, basic customer service and support, small-scale eCommerce or B2B service, or other appropriate tasks.

Step 1:  Navigate to Configuration > Firewall > Access Rules.

Step 2:  Click the rule that denies traffic from the DMZ toward other networks.