Comments

  • Note: We would ONLY RDP from internal to the DMZ PC. So, maybe we simply create a 2nd policy that allows Trusted --> DMZ PC : RDP port (whatever that port is)?
  • VERY related question: We have a PC in the DMZ (SNATed from outside). INTERNALLY, we have a policy that allows ONLY two PCs to talk and only on one port. DMZPC --> InternalPC (Trusted) : SpecificPort. This works well. HOWEVER - the DMZ PC also has a 2nd NIC. That is ON our internal (Trusted) network. Basically, so we can…
  • This is actually an interesting discussion. We have VLAN Guest (its own dedicated IP block). It is routed via policy as VLAN Guest --> External (Port = ANY). I'm assuming that is a bit open? (Guest is Optional and External is -- well, the built-in External). The idea is that guest can browse, download files if needed, and…