First time poster in the new forum.
We're looking into creating a pure DMZ on our Palo Alto. Right now all our servers and network are behind a Layer 3 interface with private IPs. Anything that needs to be externally accessible is done via a One to One NAT through that interface. We have a vendor coming out to do some Lync setup and they "highly recommend" that the server(s) be placed in a DMZ and not inside our network. I tried explaining that we're pretty good at punching holes through and making things work but that wasn't an option.
I've been looking at some of the Layer 2 documentation and I think I'm on the right track but if anyone has done this already and has some tips or things to watch out for it would be a big help.
DMZ is a very good idea for servers. Configuration what You need isn't so complicated and I hope that this community will help You to create them.
Please read Understanding PAN-OS NAT
especially U-turn NAT is for You ( for traffic from Your LAN to DMZ) - this is a stranges part for peoples from ie. Juniper world.
What exactly do they mean by a DMZ? Most customers put the public servers on their own subnet/interface/zone using private IPs and use NAT to map them to public IPs. Are they suggesting a second public subnet? This can be done as well but is less common.
If they fear NAT issues, you can always give the Lync server a public IP and then put a VWire between the server and the switch that hosts the public IP addresses. Then you can configure Zone and DoS protection as well as restrict the applications that can talk to the server as well as apply threat and AV profiles.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!