pfSense: Configuring the DMZ

Today’s post will be about setting up the DMZ (de-militarized zone). DMZ is a place where some traffic is allowed to pass and the rest is denied. The DMZ is the middle man when it comes to the LAN. To make this work you will need to have three NiC’s.

 

Configuring the DMZ

  1. Open the web GUI by using your local IP address. We will navigate to the tab named Interfaces and click on OPT1 or DMZ. If you do not see OPT1 or DMZ you will want to click on assign and then on the OPT1 or DMZ to enter the setup.12
  2. Now enable the port and start filling out the following details.

Enable: Enable Interface3

Description:  DMZ

Type:  Static

IP Address:  192.168.100.x or 192.168.200.x (shouldn’t be the same as your current subnet)

Gateway:  None

Block Private Networks:  unchecked

Block bogon networks:  unchecked4

  1. Then click on Save and Apply Changes 

6

 

Once completed you will have a DMZ configured. The DMZ allows access from the WAN and LAN interfaces, but it will not send traffic to the LAN. The DMZ is used as a guest network, Edge Exchange server, FTP server, and many more.  Adding an access point and a switch to the DMZ interface is recommended.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s