Provide access to the Internet with an Airwall Gateway in the DMZ
Provide access to the Internet with an Airwall Gateway in the demilitarized zone (DMZ).
If you have protected devices that need access to the Internet (to get updates from Windows Update, or report to a cloud reporting service that is not protected by an Airwall Gateway, Agent, or Server, for example), you can provide that access by putting an Airwall Gateway in the DMZ (demilitarized zone, or perimeter network).
How to Provide Access as Securely as Possible
When you put an Airwall Gateway in the DMZ, the entire world is effectively a “Trusted Device” for the Overlay, so you need to tightly control access into the Airwall Gateway Overlay. To do this, you must:
- Locate the Airwall Gateway in the DMZ adjacent to the firewall.
- Configure strong firewall policies regarding traffic to and from the Overlay.
- Have a security policy on your firewall that doesn't open the HIP tunnel up to the entire world.
Use the following guidelines to provide access in the most secure way possible.
Before you Begin
This procedure requires the following:
- Conductor v2.2.x or later.
- A physical or virtual Airwall Gateway v2.2.x or later to use as the DMZ Airwall Gateway.
Before you configure an Airwall Gateway in the DMZ, you must:
- Have a firewall or switch set up on your network and connected to the Internet.
- Have an open port on your firewall or switch to connect the Airwall Gateway.