Week 12 Activity Answer Sheet1
School
Schoolcraft College *
Course
262
Subject
Information Systems
Date
Nov 24, 2024
Uploaded by DrRamMaster341
What Rules?
For each of these scenarios, answer the questions related to interfaces/rules necessary to allow traffic
between network segments configured on the firewall:
HTTP traffic initiated from the LAN to the DMZ?
o Does a rule exist? Which one? Yes, a rule should exist on the LAN interface allowing HTTP traffic to the DMZ.
o Do we want/need this type of traffic to be allowed? Why or why not? Yes, if you want devices on the LAN to access the web server in the DMZ, you need to allow HTTP traffic. This is typically desired for users on the internal network to interact with applications or websites hosted in the DMZ.
HTTP traffic initiated from the WAN to the DMZ?
o Does a rule exist? Which one? Yes, a rule should exist on the WAN interface allowing HTTP traffic to the DMZ. Look for a rule on the WAN interface permitting traffic to the DMZ server's public IP (after NAT).
o Do we want/need this type of traffic to be allowed? Why or why not? Yes, if you want external users (from the internet) to access the web server in the DMZ, you need to allow HTTP traffic. This is necessary for making services in the DMZ accessible from the internet.
Any traffic initiated from the DMZ to the LAN?
o Does a rule exist? Which one? Typically, there should not be a rule allowing unrestricted traffic from DMZ to LAN. It depends on your specific requirements, but usually, you'd control access from DMZ to LAN strictly based on the needed services.
o Do we want/need this type of traffic to be allowed? Why or why not? You might want to limit traffic from DMZ to LAN to specific services. Allowing unrestricted access could pose security risks.
Any traffic initiated from the DMZ to the WAN?
o Does a rule exist? Which one? There should be a rule allowing traffic from the DMZ to the WAN, especially if the web server in the DMZ needs internet access for updates or external service communication.
o Do we want/need this type of traffic to be allowed? Why or why not? Yes, if the DMZ server needs internet access, you should allow this traffic. However, you might want to restrict it to necessary services to enhance security.
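The four scenarios above, modeled as an added example (not part of the original answer sheet): per-interface rules evaluated top-down with first match wins and an implicit default deny, plus a check that flags any unrestricted allow rule. The subnets, sample addresses and the DMZ-to-WAN service list are assumptions chosen for illustration.

```python
import ipaddress

# Constructed addressing (assumption; the answer sheet names no subnets).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("10.0.50.0/24"),
}

def zone_of(ip):
    """Map an address to LAN or DMZ; anything else is treated as WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"

# Rules are keyed by the interface the traffic enters on.
# Each rule is (action, destination zone, protocol, port); None means "any".
RULES = {
    "LAN": [("allow", "DMZ", "tcp", 80)],   # LAN users reach the DMZ web server
    "WAN": [("allow", "DMZ", "tcp", 80)],   # internet users, destination after NAT
    "DMZ": [
        ("block", "LAN", None, None),       # no unrestricted DMZ -> LAN traffic
        ("allow", "WAN", "tcp", 80),        # assumed "necessary services":
        ("allow", "WAN", "tcp", 443),       #   package updates over HTTP/HTTPS
        ("allow", "WAN", "udp", 53),        #   and DNS lookups
    ],
}

def evaluate(src_ip, dst_ip, proto, port, rules=RULES):
    """Return 'allow' or 'block' for a new connection (first match wins)."""
    iface, dst = zone_of(src_ip), zone_of(dst_ip)
    for action, r_dst, r_proto, r_port in rules.get(iface, []):
        if r_dst == dst and r_proto in (None, proto) and r_port in (None, port):
            return action
    return "block"  # implicit default deny when no rule matches

def unrestricted_allows(rules=RULES):
    """List (interface, destination zone) for allow rules open to any protocol and port."""
    return [(iface, r[1]) for iface, rs in rules.items() for r in rs
            if r[0] == "allow" and r[2] is None and r[3] is None]

if __name__ == "__main__":
    print(evaluate("192.168.1.20", "10.0.50.10", "tcp", 80))   # LAN -> DMZ HTTP
    print(evaluate("10.0.50.10", "192.168.1.20", "tcp", 445))  # DMZ -> LAN
    print(unrestricted_allows())
```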
LAN to DMZ
- Did you make a new rule or other changes based on what you answered in the “What Rules?” section? Yes
- If so, provide a summary and a screenshot of any modified or added settings here:
This rule allows traffic originating from devices in the LAN subnet to reach the DMZ subnet or a
specific server in the DMZ using the specified protocol (e.g., HTTP).
The rule is set to "Allow" to permit this traffic.
Logging is enabled to track instances of this traffic for monitoring and troubleshooting purposes.
WAN to DMZ
- Did you make a new rule or other changes based on what you answered in the “What Rules?” section? Yes
- If so, provide a summary and a screenshot of any modified or added settings here:
This rule allows incoming traffic from the WAN to reach the DMZ server, typically for web traffic
(HTTP).
The source can be set to "Any" or restricted to specific IP ranges if needed.
The destination is set to the WAN address or "Any," depending on your configuration.
NAT Reflection is enabled if you want internal users to access the web server in the DMZ using
the external IP address.
Ensure that the Redirect Target IP and Port are correctly set to route traffic to the DMZ server.
Test Results
Paste a screenshot of the web page that loaded after going to the virtual IP that pertains to the server in
the DMZ