Configure And Enable The Dmz Port - NETGEAR SRX5308 Reference Manual

Configure and Enable the DMZ Port

The demilitarized zone (DMZ) is a network that, by default, has fewer firewall restrictions
when compared to the LAN. The DMZ can be used to host servers (such as a web server,
FTP server, or email server) and provide public access to them. The fourth LAN port on the
VPN firewall (the rightmost LAN port) can be dedicated as a hardware DMZ port to safely
provide services to the Internet without compromising security on your LAN. By default, the
DMZ port and both inbound and outbound DMZ traffic are disabled. Enabling the DMZ port
and allowing traffic to and from the DMZ increases the traffic through the WAN ports.
Using a DMZ port is also helpful with online games and videoconferencing applications that
are incompatible with NAT. The VPN firewall is programmed to recognize some of these
applications and to work correctly with them, but there are other applications that might not
function well. In some cases, local computers can run the application correctly if those
computers are used on the DMZ port.
Note: A separate firewall security profile is provided for the DMZ port that
is also physically independent of the standard firewall security
component that is used for the LAN.
The DMZ Setup screen lets you set up the DMZ port. It permits you to enable or disable the
hardware DMZ port (LAN port 4; see
and subnet mask for the DMZ port.

To enable and configure the DMZ port:
1. Select Network Configuration > DMZ Setup. The DMZ Setup screen displays:
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Front Panel
LAN Configuration
on page 14) and configure an IP address
73