mizitheji / DMZ-secure-intranet Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

🔐 Secure DMZ & Intranet with MikroTik + Cisco L3 — real-world network isolation

0 stars 0 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
CORE SW Config		CORE SW Config
Mikrotik Config		Mikrotik Config
Network Diagram.png		Network Diagram.png
README.md		README.md
SW1 Config		SW1 Config
SW2 Config		SW2 Config

Repository files navigation

MikroTik DMZ + Cisco L3 Secure Intranet Setup

🌐 Scenario Overview

This setup demonstrates a real-world network design where:

MikroTik acts as edge firewall/router + DMZ host
Cisco Layer 3 switch handles intranet VLAN routing
Intranet can reach Internet, but not the DMZ
DMZ is publicly accessible, but isolated from Intranet

🧱 IP Addressing Plan

Zone	Subnet	Gateway
DMZ	172.17.0.0/24	172.17.0.1
Intranet (V1)	192.168.1.0/24	192.168.1.1
Intranet (V2)	192.168.2.0/24	192.168.2.1
Intranet (V3)	192.168.3.0/24	192.168.3.1
Transit	10.0.0.0/30	.1 MikroTik / .2 Cisco

🔒 Security Policy

✅ Intranet → Internet: Allowed
✅ DMZ → Internet: Allowed
❌ Intranet → DMZ: Blocked (Firewall)
❌ Internet → Intranet: Blocked
✅ Internet → DMZ (80/443): Allowed

About

🔐 Secure DMZ & Intranet with MikroTik + Cisco L3 — real-world network isolation

mikrotik firewall intranet vlan network-security dmz cisco-ios network-segmentation

Report repository