Question: I have a Cisco Pix515e firewall along with a web server. I have configured all interfaces and put the web server on a DMZ network, but I haven't figured out how to configure the port to allow incoming traffic to my web server.

If you have the same or a similar question, you might find this tutorial helpful. At Webune, we get this question often, so we wanted to post it here for your convenience:

Scenario:
Firewall Type: Cisco Pix515e with ASDM 6.1
Internet IP Address: 205.88.35.15
Intranet IP Address: 10.30.30.30 (NAT web server address)

WARNING!!! Be sure to make a full backup of your running configuration before you attempt any changes.


We want all traffic arriving at the public IP address 205.88.35.15 to go to the web server at IP address 10.30.30.30.

1. First, you need to add a NAT rule. Go to Firewall, then NAT Rules, in the left menu.

2. A popup window, 'Add Static NAT Rule', will appear. Populate the following fields:

Original -----
Interface: dmz
Source: 10.30.30.30 (the web server's IP address in the DMZ zone)

Translated -----
Interface: outside (your outside interface on the firewall)
(0) Use IP Address: 205.88.35.15 (this is the public IP whose incoming traffic you want sent to 10.30.30.30)

That's all for now.

Click OK.

Next, you will need to add access rules. For example, we want to allow HTTP access to the DMZ server so visitors can view its web pages.

Under Firewall, go to 'Access Rules' and click the +Add button to open the window for adding an access rule.

Populate the following:
Interface: outside
Action: Permit
Source: Any
Destination: 205.88.35.15 (your WAN IP address)
Service: tcp/http (or whatever port you want to open)
Description: You can write anything here that will help you in the future.
[x] Enable Logging (Select)
Logging Level: Default

Click OK.

Now click Apply for the changes to take effect.

Now test access to your service, in our case the HTTP (port 80) service.

Done
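For checking the result from the command line, here is the CLI form of the two rules above, followed by verification commands. This is an added example, not part of the original tutorial. It assumes the PIX 7.x/8.0 command syntax, an access list named outside_access_in (the name is an assumption, yours may differ), and 198.51.100.10 as a constructed test source address.

```text
! --- Static NAT: publish the DMZ server 10.30.30.30 as 205.88.35.15 on outside
static (dmz,outside) 205.88.35.15 10.30.30.30 netmask 255.255.255.255

! --- Access rule: permit only TCP/80 from any source to the public address.
! --- On this software the rule matches the translated (public) IP,
! --- not the server's real DMZ address.
access-list outside_access_in extended permit tcp any host 205.88.35.15 eq www
access-group outside_access_in in interface outside

! --- Verification (run from privileged EXEC mode) ---

! Confirm the static translation is in the running configuration
show running-config static

! Confirm the ACL entry exists; the hitcnt value should rise after a test request
show access-list outside_access_in

! Simulate an inbound HTTP connection from a constructed source address
! and check that the NAT and access-list phases both report ALLOW
packet-tracer input outside tcp 198.51.100.10 1025 205.88.35.15 80

! Simulate a port that was not opened (SSH here); the result should be DROP,
! confirming that only the intended service is exposed
packet-tracer input outside tcp 198.51.100.10 1025 205.88.35.15 22

! Show active translations once real traffic has passed
show xlate
```

If the second packet-tracer run reports ALLOW, a broader permit rule exists on the outside interface and should be reviewed.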