Creating an Additional DMZ or Perimeter Network with Threat Management Gateway TMG
Threat Management Gateway 2010 – Additional DMZ or Perimeter Network
1. Open up your Threat Management Gateway Management Console and click on Networking.
2. Right Click on Perimeter and select properties. Change the name to DMZ1 and give it a description. Click Ok. This is your existing DMZ.
3. On the right hand side click on Create a New Network. This will be for your second DMZ within your Threat Management Gateway. Enter in the name DMZ2 and click Next.
4. Select Perimeter Network and click Next.
5. Click Add Adapter.
6. Select your DMZ2 Interface and click Ok.
7. The IP address range is already populated. Click Next.
8. A summary is displayed of the new DMZ2 Threat Management Gateway network. Click Finish.
9. Click on the Network Rules tab. Right click on the existing Perimeter to External Relationship rule and select properties.
10. Change the name to DMZ1 Perimeter to External Relationship as this is the rule for the previous DMZ1. Click Ok.
11. On the right hand side click Create a Network Rule. Enter in the name DMZ2 Perimeter to External Relationship and click Next.
12. Select DMZ2 in the Add Network Entities Window and click Add.
13. DMZ2 is added to the Network Traffic Sources, click Next.
14. Select External in the Add Network Entities Windows and click Add.
15. External is added to the Network Traffic Destinations, click Next.
16. I will be selecting NAT here as my DMZ2 is using Private IP addressing. Click Next.
17. I will use the default IP address for the source. This will be the External IP address when going from DMZ2 to External for example using NAT. Click Next.
18. A summary is displayed of your settings. Click Finish. Follow steps 11-18 to create a Network rule from Internal to DMZ2 using the route method. You will then be ready to create your access rules for DMZ2 with your Threat Management Gateway.
All the tutorials included on this site are performed in a lab environment to simulate a real world production scenario. As everything is done to provide the most accurate steps to date, we take no responsibility if you implement any of these steps in a production environment.