Kyocera KR2 User Manual page 29

The DMZ capability is just one of several means for allowing incoming requests that
might appear unsolicited to the NAT. In general, the DMZ host should be used only if
there are no other alternatives, because it is much more exposed to cyberattacks than
any other system on the LAN. Thought should be given to using other configurations
instead: a virtual server, a gaming rule, or a port trigger. Virtual servers open one port for
incoming sessions bound for a specific application (and also allow port redirection and
the use of ALGs). gaming is rather like a selective DMZ, where incoming traffic targeted
at one or more ports is forwarded to a specific LAN host (thereby not exposing as many
ports as a DMZ host). Port triggering is a special form of gaming, which is activated by
outgoing traffic, and for which ports are only forwarded while the trigger is active.
Few applications truly require the use of the DMZ host. Following are examples of when
a DMZ host might be required:
•
A host needs to support several applications that might use overlapping ingress
ports such that two gaming rules cannot be used because they would potentially
be in conflict.
•
To handle incoming connections that use a protocol other than ICMP, TCP, UDP,
and IGMP (also GRE and ESP, when these protocols are enabled by the PPTP
and IPSec ALGs ).
Enable DMZ
Note: Putting a computer in the DMZ may expose that computer to a variety of security
risks. Use of this option is only recommended as a last resort.
DMZ IP Address
Specify the LAN IP address of the LAN computer that you want to have unrestricted
Internet communication. If this computer obtains its address Automatically using DHCP,
then you may want to make a static reservation on the
so that the IP address of the DMZ computer does not change.
Non-UDP/TCP/ICMP LAN Sessions
When a LAN application that uses a protocol other than UDP, TCP, or ICMP initiates a
session to the Internet, the router's NAT can track such a session, even though it does
not recognize the protocol. This feature is useful because it enables certain applications
(most importantly a single VPN connection to a remote host) without the need for an
ALG.
Note that this feature does not apply to the DMZ host (if one is enabled). The DMZ host
always handles these kinds of sessions.
Enable
Enabling this option (the default setting) enables single VPN connections to a remote
host. (But, for multiple VPN connections, the appropriate VPN ALG must be used.)
Disabling this option, however, only disables VPN if the appropriate VPN ALG is also
disabled.
Basic → Network Settings
29 of 72
page