I have an office using pfSense and I wanted to confirm their DMZ setup is secure. Currently, they have a WAN, LAN, and Trunk interface. They have some VLANs set up, and one of these VLANs is labeled as DMZ. So not a true DMZ. All external traffic comes in through WAN. Select traffic destined to the "DMZ" has a NAT and WAN>DMZ VLAN rule.
This pfSense instance is virtualized and is currently limited to physical NICs on the host, so a separate DMZ interface is not possible without additional costs. While this current setup is functional, is it adequate security-wise or should changes be made? Any suggestions?