Chapter 7 Dmz Screens; Dmz Overview; Dmz Addresses; Configuring Dmz - ZyXEL Communications ZyWALL 10W User Manual

7.1

DMZ Overview

The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps Ethernet port provides a way for public
servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS
(Denial of Service) attacks such as SYN flooding and Ping of Death). These public servers can also still be
accessed from the secure LAN.
By default the firewall allows traffic between the WAN and the DMZ, traffic from the DMZ to the LAN is
denied, and traffic from the LAN to the DMZ is allowed. Internet users can have access to host servers on the
DMZ but no access to the LAN, unless special filter rules allowing access were configured by the
administrator or the user is an authorized remote user.
It is highly recommended that you connect all of your public servers to the DMZ port. If you have more than
one public server, connect a hub to the DMZ port.
It is also highly recommended that you keep all sensitive information off of the public servers connected to
the DMZ port. Store sensitive information on LAN computers.
7.2

DMZ Addresses

You can assign public or private IP addresses to computers connected to the DMZ port.
With public IP addresses, the WAN and DMZ ports must use public IP addresses that are on separate
subnets. See the appendices for information on IP subnetting.
If the DMZ computers use private IP addresses, go to the WAN IP screen and select SUA Only or Full
Feature in the Network Address Translation field. Configure NAT mapping rules for the private IP
addresses of the computers on the DMZ
7.3

Configuring DMZ

From the MAIN MENU, click DMZ. The screen appears as shown next.
DMZ Screens
ZyWALL Series Internet Security Gateway
This chapter describes how to configure the ZyWALL's DMZ.
Chapter 7
DMZ Screens
7-1