ZyWall310/USG310 setup a VM in a DMZ zone

mpopov
mpopov Posts: 5  Freshman Member
First Anniversary Nebula Gratitude First Comment
edited April 2021 in Security
Hi there, 
we have ZyWall310 and USG310 that are set up with identical config, where one is on stand by. Right now USG310 I on a stand by but we want to make it our main gateway. We are implementing a SecureLink solution which is gonna be a virtual machine that should be in the DMZ zone. We have configured failover for the WAN1 and 2 on ports 1 and 2. On port 4 we have our main network and that's where the virtual servers are connected. Port 5 should be the DMZ zone, but since we gonna use VM(virtual machine) nothing is connected. On port 6 we have another network for segmentation and port 7 is our IMPI network. port 8 is available. I thought this would be a straight forward way to do it but my attempts so far can't even get me to be able to ping port 5 from my VM. Any help would be greatly appreciated. 

Thanks,
Mladen

All Replies

  • jasailafan
    jasailafan Posts: 189  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Your VM is connected to DMZ zone. 
    What is the setting on DMZ interface and the IP address and gateway IP of VM?
    It would be helpful if you can share the settings of DMZ in this post. 
  • mpopov
    mpopov Posts: 5  Freshman Member
    First Anniversary Nebula Gratitude First Comment
    the DMZ setting on the interface is internal and the IP is set to 192.168.42.1. As for the VM the IP is .5. Which settings of the DMZ would you like me to share? I was trying to find a guide on how the DMZ should be set on the ZyXEL to confirm if what i did is the right thing. 
  • mpopov
    mpopov Posts: 5  Freshman Member
    First Anniversary Nebula Gratitude First Comment
    Im attaching a network diagram of what and how things are currently connected 

  • jasailafan
    jasailafan Posts: 189  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Does the IP 192.168.42.5 of VM get from dhcp of DMZ? Or is the IP configured manually?
    On zywall, you can capture packets for dmz interface. On VM, ping 192.168.42.1 continuously. Then check icmp request and reply packets and see which side doesn't respond.  

Security Highlight