Hi
I want to provide secure access for software developers from Red into the Orange DMZ.
I will need to use dynamic DNS.
I do not want to expose the DMZ to public access. Occasionally I may want to provide selective access to an individual to interact with a WUI (password security) to a device running on the DMZ.
The aim is to minimise the risk of cross-infection by a virus. The devices in the DMZ will all be Raspberry Pis. No PC that might catch a virus. There will be no requirement for access from Red/Orange to Blue/Green. I will want access from Green to Orange.
I am thinking what if I could set up an OpenVPN for the developers that provides access to the DMZ only?
This would require closing public access to the DMZ. Is that possible?
Is it the best way?
I have set up OpenVPNs when I was running IPCop. I also set up a device in the DMZ running a WUI, with public access, password protected. I haven’t tried a VPN into a closed DMZ.
The IPFire OpenVPN connection into Orange will be allowed by the IPFire firewall rules for the OpenVPN connection automatically so you don’t have to do anything.
Hi
When I used VPN with IPCop (quite a while ago), I recall it went straight into Green.
What I would like to do now is have VPN go to Orange, with no access to Green.
The aim is to ring-fence the DMZ so if any viruses cross through the VPN, they don’t / can’t reach my Green network.