
Anyone Using DMZ?

Here to help


Throughout my 10 career (the past 11 years) I've always been told the importance of using a DMZ but never worked for a company that made it a priority to create one. I'd really like to set one up at my current company but have not come across many people using one in the Meraki Reddit or Community forums. While I did read through the Meraki DMZ guide, I'm just starting to wonder if DMZs are still a thing in the Meraki world or is NAT/port forwarding the way of the world?

Kind of a big deal

Re: Anyone Using DMZ?

We do have a DMZ and have rules from WAN to DMZ, WAN to LAN (but only with reverse proxy) and DMZ to LAN.  Ideally we shouldn't have any WAN to LAN, but nobody's perfect!

 

Unfortunately this isn't with Meraki...

Here to help

Re: Anyone Using DMZ?

I find this so common with many companies. I don't think any of us are as secure as IT auditors would like us to be. I think the key is in the monitoring and watching out for strange activity.

Kind of a big deal

Re: Anyone Using DMZ?

I have quite a few Meraki customers with a DMZ.

Kind of a big deal

Re: Anyone Using DMZ?

I've used DMZ at clients before. Did you have specific questions about how to do it in Meraki world?

Getting noticed

Re: Anyone Using DMZ?

@Nash I have questions on how you set up a proper DMZ.

 

 

1. What was your hardware setup?

2. How did you configure the SD-WAN portion?

A model citizen

Re: Anyone Using DMZ?

We use a Meraki MX as a Firewall appliance and have DMZ networks on it. Essentially create a separate VLAN for each DMZ and in the Firewall rules, deny all access from the DMZs to the Internal network and other DMZs. We then connected the MX to a core router that has another MX handling the SD-WAN VPN. This allows you to restrict DMZ access as @cmr said.
CMNO, CCNA R+S
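
The isolation rule described in the reply above (one VLAN per DMZ, deny from each DMZ to the internal network and to other DMZs) can be checked against an exported rule list. The following is an added example, not code from any poster or from Meraki; the rule fields are modelled on the Dashboard API L3 firewall rule format, and the VLAN names, subnets, rules and the trailing default-allow behaviour are assumptions.

```python
from ipaddress import ip_network

def nets(field):
    """Parse a rule CIDR field: 'Any' or a comma-separated list of CIDRs."""
    if field.strip().lower() == "any":
        return [ip_network("0.0.0.0/0")]
    return [ip_network(c.strip()) for c in field.split(",")]

def overlaps(field, subnet):
    return any(n.overlaps(subnet) for n in nets(field))
def covers(field, subnet):
    return any(subnet.subnet_of(n) for n in nets(field))
def is_blanket(r):
    return all(r[k].lower() == "any" for k in ("protocol", "srcPort", "destPort"))

def verdict(rules, src, dst):
    """First-match walk over ordered rules. Conservative: an overlapping allow
    reached before a blanket deny is reported, even if partly shadowed."""
    for i, r in enumerate(rules):
        if r["policy"] == "allow" and overlaps(r["srcCidr"], src) and overlaps(r["destCidr"], dst):
            return f"allowed by rule {i}: {r['comment']}"
        if (r["policy"] == "deny" and is_blanket(r)
                and covers(r["srcCidr"], src) and covers(r["destCidr"], dst)):
            return None
    return "allowed by default rule"  # assumption: implicit allow-any at the end

def audit(rules, dmzs, internal):
    """Return {(src, dst): reason} for each DMZ-originated path that is not denied."""
    findings = {}
    for s, s_net in dmzs.items():
        for d, d_net in {**dmzs, **internal}.items():
            reason = None if d == s else verdict(rules, ip_network(s_net), ip_network(d_net))
            if reason:
                findings[(s, d)] = reason
    return findings

# Constructed sample: VLAN names, subnets and rules are illustrative only.
DMZS = {"DMZ_WEB": "10.0.50.0/24", "DMZ_MAIL": "10.0.60.0/24"}
INTERNAL = {"LAN": "10.0.10.0/24"}
def rule(policy, proto, src, dst, dport, comment):
    return {"policy": policy, "protocol": proto, "srcPort": "Any", "srcCidr": src,
            "destPort": dport, "destCidr": dst, "comment": comment}
RULES = [
    rule("allow", "tcp", "10.0.50.0/24", "10.0.10.25/32", "5432", "web to db"),
    rule("deny", "any", "10.0.50.0/24,10.0.60.0/24", "10.0.10.0/24", "Any", "DMZ to LAN"),
    rule("deny", "any", "10.0.50.0/24", "10.0.60.0/24", "Any", "web to mail"),
]

if __name__ == "__main__": print(audit(RULES, DMZS, INTERNAL))
```

On the sample rules it reports the DMZ-to-LAN exception placed above the deny, and the mail-to-web path that no deny covers and therefore falls through to the default rule.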