Publish NAS securely on TZ400, with 2 ethernet ports
JCB
Newbie ✭
Good morning,
I would like to ask you, what is the best way to publish a NAS safely.
The scenario is the following.
I have 2 WAN (Metrolan and FTTH with public IP), and 1 LAN (Local Network)
I want to install the NAS with 2 Ethernet ports, one linked to the LAN, and the other to the FTTH.
My intention is to be able to access the NAS from the LAN, without putting the LAN at risk in case the NAS suffers an attack.
I have read the topic of setting up a DMZ, but I don't know how it works.
Can you help me?
Thanks in advance for your time.
Greetings,
JCB
Category: Firewall Security Services
0
Answers
You can't use the firewall to protect your LAN from the NAS if you plug the NAS's LAN port into your LAN.
You need to use only one port on the NAS, connected to an interface on your Sonicwall configured with zone DMZ.
Configure LAN -> DMZ and WAN -> DMZ access rules with the bare minimum of allowed services required. You will need NAT policies as well, assuming that the NAS will have a private IP.