Digi Connect Wi-SP User Manual page 49

Digi Connect and ConnectPort TS Family web interface
Enable DMZ Forwarding to this IP address: DMZ Forwarding allows you to specify a
l
single host (DMZ Server) on the private (internal) network that is available to anyone with
access to the NAT Public Interface IP address, for any TCP- and UDP-based services that
haven't been configured. Services enabled directly on the Digi device take precedence over
(are not overridden by) DMZ Forwarding. Similarly, TCP and UDP port forwarding rules take
precedence over DMZ Forwarding (please see Forward TCP/UDP/FTP Connections
below). DMZ Forwarding is effectively a lowest priority default port forwarding rule that
doesn't permit the same remapping of port numbers between the public and private
networks, as is possible if you use explicit port forwarding rules.
If enabled, the incoming TCP and UDP packets from the public (external) network uses the
DMZ Forwarding rule, for which there is no other rule. These other rules include explicit
port forwarding rules or existing dynamic rules that were created for previous
communications, be those outbound (private to public) or inbound (public to private). Also,
the DMZ Forwarding rule is not used if there is a local port on the Digi device to which the
packet may be delivered. This includes TCP service listener ports as well as UDP ports that
are open for various services and clients. DMZ forwarding does not interfere with
established TCP or UDP connections, either to local ports or through configured or dynamic
NAT rules. Outbound communications (private to public) from the DMZ Server are handled
in the same manner as the outbound communications from other hosts on that same
private network.
Forward protocol connections from external networks to the following internal devices:
n
Enables protocol forwarding to the specified internal devices. Currently, the only IP protocols
for which protocol forwarding is supported are:
Generic Routing Encapsulation (GRE, IP protocol 47).
l
Encapsulating Security Payload (ESP, IP protocol 50, tunnel mode only).
l
These are routing protocols that route (tunnel) various types of information between
networks. If your network needs to use the GRE or ESP protocol between the public and
private networks, enable this feature accordingly.
Digi Connect Family and ConnectPort TS Family
WARNING! DMZ Forwarding presents security risks for the DMZ Server.
Configure the DMZ Forwarding option only if you understand and are willing
to accept the risks associated with providing open access to this server and
your private network.
Configuration through the web interface
49