Chapter 8 Dmz Screens; Dmz Overview; Configuring Dmz - ZyXEL Communications ZyWALL 5 User Manual

Internet security appliance

8.1 DMZ Overview

The DeMilitarized Zone (DMZ) port is an auto-negotiating 10/100 Mbps Ethernet port. It provides a way
for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world while still being
protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death. These public
servers can also still be accessed from the secure LAN.

By default, the firewall allows traffic between the WAN and the DMZ, denies traffic from the DMZ to
the LAN, and allows traffic from the LAN to the DMZ. Internet users can access host servers on the
DMZ but have no access to the LAN, unless the administrator has configured special filter rules
allowing access or the user is an authorized remote user.

It is highly recommended that you connect all of your public servers to the DMZ port. If you have
more than one public server, connect a hub to the DMZ port.

It is also highly recommended that you keep all sensitive information off the public servers
connected to the DMZ port. Store sensitive information on LAN computers.

8.2 Configuring DMZ

The DMZ port and the computers connected to it can have private or public IP addresses.

When the DMZ uses public IP addresses, the WAN and DMZ ports must use public IP addresses that
are on separate subnets. See the appendix for information on IP subnetting. If you do not configure
SUA NAT or any full feature NAT mapping rules for the public IP addresses on the DMZ, the
ZyWALL will route traffic to the public IP addresses on the DMZ without performing NAT. This may
be useful for hosting servers for NAT-unfriendly applications (see the NAT chapter for more
information).

If the DMZ computers use private IP addresses, use NAT if you want to make them publicly
accessible.

Unlike on the LAN, the ZyWALL does not assign TCP/IP configuration via DHCP to computers
connected to the DMZ port(s). Manually assign each computer a static IP address (in the same subnet
as the DMZ port's IP address), DNS server addresses and the ZyWALL's DMZ IP address as the
default gateway.
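
The addressing rules in this section can be checked on paper before the servers are connected. The following Python script is an added example, not part of the ZyXEL manual: the function name, the finding codes and the sample addresses (documentation ranges standing in for public IPs) are assumptions made for illustration, and it covers IPv4 only.

```python
import ipaddress

# RFC 1918 ranges: the "private IP addresses" that need NAT to be reachable.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_dmz_plan(wan_if, dmz_if, hosts):
    """Return (code, detail) findings for a DMZ addressing plan (IPv4).

    wan_if / dmz_if: port addresses in CIDR form.
    hosts: dicts with the static "name", "ip" and "gateway" set on each server.
    """
    wan = ipaddress.ip_interface(wan_if)
    dmz = ipaddress.ip_interface(dmz_if)
    findings = []

    # WAN and DMZ ports must be on separate subnets.
    if wan.network.overlaps(dmz.network):
        findings.append(("SUBNET_OVERLAP", f"{wan.network} / {dmz.network}"))

    # Private DMZ addresses are only publicly reachable through NAT.
    if any(dmz.ip in net for net in RFC1918):
        findings.append(("NAT_REQUIRED", str(dmz.network)))

    seen = {}
    for host in hosts:
        ip = ipaddress.ip_address(host["ip"])
        # No DHCP on the DMZ: static address must be in the DMZ port's subnet.
        if ip not in dmz.network:
            findings.append(("HOST_OUTSIDE_DMZ", host["name"]))
        elif ip == dmz.ip:
            findings.append(("HOST_USES_PORT_IP", host["name"]))
        # Default gateway must be the ZyWALL's DMZ IP address.
        if ipaddress.ip_address(host["gateway"]) != dmz.ip:
            findings.append(("BAD_GATEWAY", host["name"]))
        if ip in seen:
            findings.append(("DUPLICATE_IP", f"{seen[ip]} / {host['name']}"))
        seen.setdefault(ip, host["name"])
    return findings

# Constructed sample plan (documentation address ranges stand in for public IPs).
SAMPLE_HOSTS = [
    {"name": "web", "ip": "198.51.100.2", "gateway": "198.51.100.1"},
    {"name": "mail", "ip": "198.51.100.3", "gateway": "203.0.113.1"},
    {"name": "ftp", "ip": "198.51.100.9", "gateway": "198.51.100.1"},
]

if __name__ == "__main__":
    for code, detail in check_dmz_plan("203.0.113.2/30", "198.51.100.1/29", SAMPLE_HOSTS):
        print(code, detail)
```

An empty result means the plan satisfies the subnet, static-address and gateway rules; a `NAT_REQUIRED` finding is a reminder rather than an error.
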
From the main menu, click DMZ. The screen appears as shown next.
DMZ Screens
This chapter describes how to configure the ZyWALL's DMZ.