Netgate SG-1000 microFirewall

Author Topic: Is DMZ supported in pfSense firewall?  (Read 265 times)

0 Members and 1 Guest are viewing this topic.

Offline Teo En Ming

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Is DMZ supported in pfSense firewall?
« on: January 15, 2018, 05:41:28 pm »
Can I use my OPT1 interface as my DMZ network?

Offline jahonix

  • Hero Member
  • *****
  • Posts: 2533
  • Karma: +154/-20
  • volunteer since 2006
    • View Profile
Re: Is DMZ supported in pfSense firewall?
« Reply #1 on: January 15, 2018, 05:47:49 pm »
Sure, it all depends on the ruleset you apply to an interface (and your definition of a DMZ).
Where do you see a problem?

https://doc.pfsense.org/index.php/Example_basic_configuration#Example_setup_isolating_LAN_and_DMZ_but_each_with_unrestricted_Internet_access
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.

Offline Teo En Ming

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Is DMZ supported in pfSense firewall?
« Reply #2 on: January 15, 2018, 11:30:18 pm »
It looks like I can use my OPTIONAL 1 interface as my DMZ network.

Reference Resources:

1. pfSense: Configuring the DMZ

Link: https://zacheryolinske.wordpress.com/2015/05/18/pfsense-configuring-the-dmz/

2. pfSense Setup: Part Four (Setting up a DMZ)

Link: http://pfsensesetup.com/pfsense-setup-part-four-setting-up-a-dmz/

The question is: Do I still need to configure port forwarding rules to servers in the DMZ network?

Offline hbauer

  • Jr. Member
  • **
  • Posts: 55
  • Karma: +4/-0
    • View Profile
Re: Is DMZ supported in pfSense firewall?
« Reply #3 on: January 16, 2018, 12:46:17 am »


The question is: Do I still need to configure port forwarding rules to servers in the DMZ network?
yes

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 566
  • Karma: +74/-4
    • View Profile
Re: Is DMZ supported in pfSense firewall?
« Reply #4 on: January 18, 2018, 08:57:12 pm »
If you want the servers in your DMZ to be accessible via IPv4, yes, you do.  If you have IPv6 available and you're happy with your DMZ devices being only accessible through IPv6 (assuming they support it), then there's no requirement that you create IPv4 port forwards.