Exposed Host (Software Dmz) - NETGEAR ProSafe FVS338 Reference Manual

Note: In this application, the use of the term 'DMZ' has become common, although it is
a misnomer. In traditional firewalls, a DMZ is actually a separate physical network port.
A true DMZ port is for connecting servers that require greater access from the outside,
and will therefore be provided with a different level of security by the firewall. A better
term for our application is Exposed Host.
• One-to-one NAT mapping: This feature can only be used if your ISP has allocated you
multiple fixed Internet IP addresses.
Note: No firewall security is available for one-to-one NAT mapping. Use this feature at your
own risk.

Exposed Host (Software DMZ)

Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service for which you have configured an inbound
rule. Instead of discarding this traffic, you can have it forwarded to one computer on your network.
This computer is called the exposed host.
Note: For security, NETGEAR strongly recommends that you avoid using the exposed
host feature. When a computer is designated as the exposed host, it loses much of the
protection of the firewall and is exposed to many exploits from the Internet. If
compromised, the computer can be used to attack your network.
LAN Configuration
Reference Manual for the ProSafe VPN Firewall 50 FVS338
January 2005
6-7