D-Link NetDefend SOHO DFL-160 User Manual page 32


3.4. DMZ Settings
Enabling NAT is a recommended way to shield the users and hosts on the DMZ network from
outside users. It also means that a DFL-160 requires just a single public IP address to be
allocated by the ISP.
Router Mode
This is the mode used if NAT is not used. It means that each of the individual hosts and users on
the DMZ network need their own public IP addresses if they are to communicate with the public
Internet.
Although not recommended when WAN is connected to the public Internet, there may be
situations where NAT cannot be applied and the individual DMZ network addresses need to be
exposed through the WAN interface.
In some scenarios, the WAN interface may be connected to another internal network and in this
case NAT usage may also not be appropriate because there is no need to shield DMZ addresses
and there are lots of internal IP addresses that can be used.
Transparent Mode
This mode is used if the DFL-160 is to be placed between the DMZ and WAN interface in a
transparent way. This means that no IP addresses need to be changed in either network, but the
traffic flowing between the interfaces is still subject to the rules and controls imposed by
NetDefendOS.
In transparent mode, NetDefendOS works out from the traffic itself which networks can be
found on the interfaces and creates the necessary entries in its routing table.
If both the LAN and DMZ interfaces have transparent mode enabled, traffic will flow
transparently between all 3 of the DFL-160 interfaces.
In transparent mode, an additional option is provided that allows DHCP requests to be
relayed.
C. DHCP Server Settings
With this option enabled, a range of IP addresses can be defined which can then be handed out to
hosts on the network as they are needed. The presentation of the server options in the web interface
is shown below.
In most scenarios, the DMZ network will be an "internal" network that does not require public IP
addresses. However, if a range of public IP addresses is allocated by the ISP, these could also be
allocated using this feature.
NetDefendOS also allows a DHCP Reservations list to be created. Each entry binds a certain IP address
to a particular MAC address. When a request for a DHCP lease is received on the interface,
NetDefendOS checks the MAC address of the requesting DHCP client against the list. If a match is
found, the IP address that has been associated with the MAC address is the one that is handed out.
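
The reservation lookup described above can be modelled as follows. This is an added example, not NetDefendOS code: the DhcpModel class, the rejection of duplicate entries, the exclusion of reserved addresses from the dynamic range and all sample addresses are assumptions made for illustration.

```python
import ipaddress

def normalize_mac(mac):
    """Canonical lower-case colon form; raises ValueError on malformed input."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class DhcpModel:
    """Hypothetical model of a DHCP server with a reservations list."""
    def __init__(self, network, pool_start, pool_end, reservations):
        self.network = ipaddress.ip_network(network)
        self.reserved = {}
        for mac, ip in reservations:
            mac, ip = normalize_mac(mac), ipaddress.ip_address(ip)
            if ip not in self.network:
                raise ValueError(f"{ip} is outside {self.network}")
            if mac in self.reserved or ip in self.reserved.values():
                raise ValueError(f"duplicate reservation: {mac} / {ip}")
            self.reserved[mac] = ip
        start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
        # Assumption: reserved addresses are kept out of the dynamic range.
        taken = set(self.reserved.values())
        self.free = [ipaddress.ip_address(n) for n in range(int(start), int(end) + 1)
                     if ipaddress.ip_address(n) not in taken]
        self.leases = {}

    def request(self, mac):
        """Return (ip, source) for a lease request, or (None, "exhausted")."""
        mac = normalize_mac(mac)
        if mac in self.reserved:          # a match in the list always wins
            return str(self.reserved[mac]), "reservation"
        if mac in self.leases:            # client already holds a dynamic lease
            return str(self.leases[mac]), "existing-lease"
        if not self.free:
            return None, "exhausted"
        self.leases[mac] = self.free.pop(0)
        return str(self.leases[mac]), "pool"

def demo():
    # Constructed sample values: private address range, made-up MAC addresses.
    srv = DhcpModel("192.168.20.0/24", "192.168.20.10", "192.168.20.12",
                    [("00-1A-2B-3C-4D-5E", "192.168.20.11")])
    clients = ("00:1a:2b:3c:4d:5e", "02:00:00:00:00:01", "02:00:00:00:00:02",
               "02:00:00:00:00:03", "02:00:00:00:00:01")
    return [srv.request(m) for m in clients]
```

The lookup keys on the MAC address the client presents in its request, so a reservation provides a stable address for a host rather than a check of which host is asking.
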
The screenshot below shows how this option appears in the web interface. Combinations of IP
address and MAC address can be added to the list. The red icon on the right of each entry can be
Chapter 3. The System Menu
