Anyone Using DMZ?

DerrickL
Here to help

Anyone Using DMZ?

Throughout my 10 career (the past 11 years) I've always been told the importance of using a DMZ but never worked for a company that made it a priority to create one. I'd really like to set one up at my current company but have not come across many people using one in the Meraki Reddit or Community forums. While did read through the Meraki DMZ guide, I'm just starting to wonder if DMZ's are still a thing in the Meraki world or is NAT/port forwarding the way of the world?

6 Replies 6
cmr
Kind of a big deal
Kind of a big deal

We do have a DMZ and have rules from WAN to DMZ, WAN to LAN (but only with reverse proxy) and DMZ to LAN.  Ideally we shouldn't have any WAN to LAN, but nobody's perfect!

 

Unfortunately this isn't with Meraki...

If my answer solves your problem please click Accept as Solution so others can benefit from it.
DerrickL
Here to help

I find this so common with many companies. I don't think any of us are as secure as IT auditors would like us to be. I think the key is in the monitoring and watching out for strange activity.

PhilipDAth
Kind of a big deal
Kind of a big deal

I have quite a few Meraki customers with a DMZ.

Nash
Kind of a big deal

I've used DMZ at clients before. Did you have specific questions about how to do it in Meraki world?

DillonofAnch17
Getting noticed

@Nash I have questions on how you set up a proper DMZ.

 

 

1. What was your hardware setup

2. How did you configure the SD-Wan portion

KRobert
Head in the Cloud

We use a Meraki MX as a Firewall appliance and have DMZ networks on it. Essentially create a separate VLAN for each DMZ and in the Firewall rules, deny all access from the DMZs to the Internal network and other DMZs. We then connected the MX to a core router that has another MX handling the SD-WAN VPN. This allows you to restrict DMZ access as @cmr said.
CMNO, CCNA R+S
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels