As corporate network administrators, we have to keep the enterprise intranet running at its normal speed and, at the same time, make sure that staff computers on the intranet are not affected by viruses and hackers. Can we do both well? The answer is yes. Today, follow the author through a clever setup that makes up for the inherent defects of the DMZ bastion host, so that both security and speed are taken into account.
Defects of a DMZ bastion host:
First, we need to know that setting up a DMZ bastion host is the most common method in corporate networks. Generally, computers connected behind the enterprise's routing and switching equipment count as intranet computers, and intranet computers run into all kinds of trouble on the network: services cannot communicate directly, peer-to-peer software cannot obtain a high ID, and so on. Normally, a network administrator can get past this limit by turning on the DMZ feature of the routing and switching device, so that the computer in the DMZ can connect directly to the external network.
However, in actual use there are two problems. First, the DMZ bastion host is completely exposed to the Internet, just like a machine on the outside, and is very vulnerable to external intrusion and virus attacks. Second, the DMZ host setup requires a separate network segment, and on mid-range and low-end routing and switching devices only one or a few DMZ hosts can be set, so hosts cannot be opened up flexibly.
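The behaviour described above, as an added example that is not part of the original article: a simplified Python model of a router's DMZ-host setting, showing why intranet hosts receive no unsolicited inbound connections while every listening service on the DMZ host becomes reachable. The `NatRouter` class, the addresses, the ports and the service names are assumptions constructed for illustration.

```python
# Added illustration: simplified model of a NAT router with a single "DMZ host".
# All addresses, ports and service names below are constructed sample values.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NatRouter:
    dmz_host: Optional[str] = None                 # the one LAN IP set as DMZ host
    sessions: dict = field(default_factory=dict)   # public port -> (lan_ip, lan_port)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port):
        """A LAN host opens a connection; the router records a return mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (lan_ip, lan_port)
        return public_port

    def inbound(self, public_port):
        """Where a packet arriving from the Internet is delivered (None = dropped)."""
        if public_port in self.sessions:       # reply to a session a LAN host started
            return self.sessions[public_port]
        if self.dmz_host is not None:          # unsolicited: all of it goes to the DMZ host
            return (self.dmz_host, public_port)
        return None                            # unsolicited, no DMZ host: dropped


def exposed_services(router, listeners):
    """Listening (ip, port, name) entries that unsolicited inbound traffic can reach."""
    return [(ip, port, name) for ip, port, name in listeners
            if router.inbound(port) == (ip, port)]


# Constructed inventory of listening services on two intranet PCs.
LISTENERS = [
    ("192.168.1.10", 4662, "p2p-client"),
    ("192.168.1.10", 445, "file-sharing"),
    ("192.168.1.10", 3389, "remote-desktop"),
    ("192.168.1.11", 4662, "p2p-client"),
]

if __name__ == "__main__":
    for dmz in (None, "192.168.1.10"):
        print(f"DMZ host = {dmz}:")
        for entry in exposed_services(NatRouter(dmz_host=dmz), LISTENERS):
            print("  reachable from the Internet:", entry)
```

With no DMZ host nothing is reachable, which is why the peer-to-peer client cannot accept incoming connections; with 192.168.1.10 as DMZ host its peer-to-peer port opens, but so do file sharing and remote desktop, and the second PC gains nothing.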
Two-step solution to the defects of the DMZ bastion host:
Because of the two problems above, small and medium-sized enterprises run into some trouble when using a DMZ bastion host. How can we keep the intranet computers protected behind the router while still opening up several computers the way a DMZ does, or otherwise lifting the restrictions on intranet applications? Below, all readers please follow the author hand in hand to make up the
Step one: Under normal circumstances, when a computer on the intranet downloads files or runs other network applications, we often find the speed very unsatisfactory: the network status is limited, and the download runs at only a few KB/s. (Figure 1)
Step two: Although we can get past this limitation with the DMZ host setting of the routing and switching device, most low-end routing switches allow us to set only a single IP address as the DMZ host, so it is very inconvenient to use. (Figure 2)