DMZ web server for external access

Hi there,

I would to configure my web server in a DMZ and make it accessible externally on the internet.
I already configure the following:
The web server is running on a VM in ESXi. I have the VM on it’s isolated vSwitch on a dedicated Ethernet port VLAN 90.

On PFsense I configured VLAN 90 interface and I assigned DHCP server.

My question is 1) what do I have to further configure on PFsense to have the web server in a secure DMZ and 2) how do I make it accessible on the internet?

If further information or picture is needed no problem.

Make sure VLAN 90 does not have access back to your LAN and open the port.

Create a NAT rule that allows WAN traffic to go to your web server on ports 80 and 443. I recommend specifying the ports for NAT since all over traffic will be blocked earlier in the packet flow of your firewall. Don’t just NAT based on IP. Also, I would statically assign an IP to your web server (assuming since you have DHCP running on the gateway this may not be the case).

If you have PFSense running, it might make more sense to run HAProxy on it and proxy requests to your web server. That’s what we do to reduce the attack surface of the webservers.