Trans-zone SMB BWM: any howto available?

mMontana

I have a computer on the DMZ and a backup destination on LAN1.

I'd love to regulate bandwidth for SMB/CIFS between these two hosts (on different zones and interfaces) to allow smooth backups while not killing the firewall performance/services between zones (and internet).

Security policy with time condition: achieved.

BWM? How can I identify the service correctly using service groups?

All Replies

  • PeterUK

    So the LAN1 host will be downloading from host in DMZ?

    It would be better to set the default inbound/outbound priority to 6 and make a rule like this at priority 7:

  • mMontana

    @PeterUK well…

    So the LAN1 host will be downloading from host in DMZ?

    (the lack of quoting features makes me feel uncomfortable)

    Not quite… The DMZ host will upload data, and sometimes verify it (thus reading) and… delete it. The application is instructed to check and purge the older backups.

    Honestly, TCP:445 seems "not enough" to me; it also needs other nice things like NetBIOS and such. However… it might be worth a try.

    It's also quite uncomfortable that TCP:443 is marked "NetBIOS_TCP2". Not SMB or CIFS.

  • PeterUK

    It would be somewhat safer not to upload from DMZ to LAN1.

    If you were to Wireshark a backup, you would see what ports are needed/used.
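
As an added example (not part of any post in this thread), one way to turn a capture of a backup run into the list of services for the service group is to tally traffic by protocol and port on the backup destination's side. The addresses and the sample lines are constructed in the style of `tcpdump -nn -q` output, and the script assumes the DMZ host is the client and the LAN1 host is the server.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -nn -q` (not a real capture).
SAMPLE = """\
12:00:01.000100 IP 192.168.3.10.49822 > 192.168.1.33.445: tcp 0
12:00:01.000300 IP 192.168.1.33.445 > 192.168.3.10.49822: tcp 0
12:00:01.010000 IP 192.168.3.10.49822 > 192.168.1.33.445: tcp 1460
12:00:01.010200 IP 192.168.3.10.49822 > 192.168.1.33.445: tcp 1460
12:00:01.010900 IP 192.168.1.33.445 > 192.168.3.10.49822: tcp 120
12:00:01.020000 IP 192.168.3.10.137 > 192.168.1.33.137: UDP, length 50
12:00:02.000000 IP 192.168.3.10.50111 > 203.0.113.5.443: tcp 517
"""

# src.port > dst.port: proto payload-length
PKT = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"(tcp|UDP)(?:, length)? (\d+)"
)

def service_ports(text, client, server):
    """Tally packets and payload bytes per (protocol, server-side port)."""
    stats = defaultdict(lambda: {"packets": 0, "to_server": 0, "from_server": 0})
    for line in text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, proto, length = m.groups()
        if (src, dst) == (client, server):
            key, direction = (proto.lower(), int(dport)), "to_server"
        elif (src, dst) == (server, client):
            key, direction = (proto.lower(), int(sport)), "from_server"
        else:
            continue  # traffic involving other hosts is not part of this rule
        stats[key]["packets"] += 1
        stats[key][direction] += int(length)
    return dict(stats)

if __name__ == "__main__":
    result = service_ports(SAMPLE, "192.168.3.10", "192.168.1.33")
    for (proto, port), s in sorted(result.items()):
        print(f"{proto}/{port}: {s}")
```

Each protocol/port pair in the result is a candidate entry for the service group, and the byte counts show which direction carries the bulk of the backup.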
