Hi, right now we use a Verizon FiOS modem on port 0/0 and the internal network on 0/2.
I want to add a server on the DMZ. I don't need it to have access to internal network resources, just internet connectivity.
Right now the server gets an IP from the firewall and a DNS/gateway config for the firewall IP address, but no internet connection.
This is what I did until now:
1. network->interfaces->list
0/1 dmz ip 192.168.2.1/24 manageable
manage ip 192.168.2.1
interface mode: nat (I tried route also, just because I'm not sure what the difference is).
service options I copied from 0/2 trust (web ui, ping, ssl, ssh)
g-arp enabled by default
2. network->dhcp (the internal network has a DHCP server, but the server in the DMZ doesn't need to have access to that).
ethernet0/1:
dhcp service: server
update from upstream dhcp client on interface any (default, I didn't touch that)
gateway 192.168.2.1 (because in the internal network I see the computers get from the DHCP server a gateway config of 192.168.1.1, the other network card on the firewall).
dns 1: 192.168.2.1 - I don't really care about the DNS right now because in the tests I tried to connect to websites by their IP address.
netmask: 255.255.255.0
addresses:
192.168.2.10-192.168.2.130 dynamic
3. policy->policies:
from dmz to untrust:
source - any
destination - any
service - any
action - permit
I know it's not the most secure thing, but it's the simplest way in my situation...
As you can see, I'm not an expert in firewalls and we don't have an IT department, so if you can, please explain it to me in the simplest way, but help me understand what my mistake was; that would be great.
Thanks in advance!