How to make a DMZ server and a VPN coexist on a customer's network

Learn how to configure a VPN firewall so that it works with a customer's DMZ server.

If I install a VPN firewall router for a customer, will it be affected in any way by the setup of a DMZ server? In other words, would a DMZ server and a VPN be able to coexist?

This is certainly possible, although the details will vary depending on the equipment that you choose. One popular way of doing this is to use a firewall with three ports, one of which leads to a completely separate DMZ segment. This isolates the publicly accessible portion of your customer's network from the private part, thereby enhancing security.

Assuming you plan to use IPsec for your VPN, make sure its policy is configured to allow non-VPN packets to bypass IPsec. RFC 2401 has more about IPsec policies, but you will need to consult the user's manual for your firewall/VPN device for details on its default policy and configuration.
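The bypass rule described above can be seen in a small Python model of an ordered IPsec policy table with the three RFC 2401 actions (discard, bypass IPsec, apply IPsec). This is an added illustration, not code from the original answer or from any vendor's firmware; the address ranges, names and the fail-closed default for unmatched packets are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the original page).
LAN = ip_network("10.0.1.0/24")         # customer's private segment
DMZ = ip_network("192.0.2.0/28")        # public servers on the third port
REMOTE_LAN = ip_network("10.0.2.0/24")  # site behind the VPN peer
ANY = ip_network("0.0.0.0/0")

# The three processing choices RFC 2401 gives a policy entry.
PROTECT, BYPASS, DISCARD = "apply IPsec", "bypass IPsec", "discard"


def lookup(spd, src, dst):
    """Return the action of the first entry whose selectors match.

    The table is ordered and always searched top to bottom, so the first
    match wins. A packet that matches nothing is discarded (this model's
    fail-closed assumption).
    """
    src, dst = ip_address(src), ip_address(dst)
    for src_net, dst_net, action in spd:
        if src in src_net and dst in dst_net:
            return action
    return DISCARD


# Weak policy: everything must be IPsec-protected. An Internet client has
# no security association with the firewall, so it cannot reach the DMZ.
PROTECT_ALL = [(ANY, ANY, PROTECT)]

# Corrected policy: only site-to-site traffic is protected; all other
# packets bypass IPsec and are left to the firewall's own filter rules.
SPLIT = [
    (LAN, REMOTE_LAN, PROTECT),
    (REMOTE_LAN, LAN, PROTECT),
    (ANY, ANY, BYPASS),
]

# Ordering mistake: with the catch-all first, site-to-site traffic also
# matches it and would leave the firewall unencrypted.
MISORDERED = [SPLIT[-1]] + SPLIT[:-1]

if __name__ == "__main__":
    flows = [("203.0.113.50", "192.0.2.5"), ("10.0.1.20", "10.0.2.7")]
    for name, spd in [("protect-all", PROTECT_ALL), ("split", SPLIT),
                      ("misordered", MISORDERED)]:
        for src, dst in flows:
            print(f"{name:12} {src:>13} -> {dst:<10} {lookup(spd, src, dst)}")
```

Bypassing IPsec only means the packet is not encrypted or authenticated by the VPN; the firewall's filter rules between the WAN, DMZ and LAN ports still decide whether it is forwarded.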

