ZyXEL 2WG Betriebsanweisung
Chapter 9 DMZ Screens
ZyWALL 2WG User’s Guide
202
9.1.2 What You Need To Know About DMZ
DMZ and Security
It is highly recommended that you connect all of your public servers to the DMZ port(s).
It is also highly recommended that you keep all sensitive information off of the public servers
connected to the DMZ port. Store sensitive information on LAN computers.
It is also highly recommended that you keep all sensitive information off of the public servers
connected to the DMZ port. Store sensitive information on LAN computers.
DMZ and Firewall Rules
By default the firewall allows traffic between the WAN and the DMZ, traffic from the DMZ to
the LAN is denied, and traffic from the LAN to the DMZ is allowed. Internet users can have
access to host servers on the DMZ but no access to the LAN, unless special filter rules
allowing access were configured by the administrator or the user is an authorized remote user.
the LAN is denied, and traffic from the LAN to the DMZ is allowed. Internet users can have
access to host servers on the DMZ but no access to the LAN, unless special filter rules
allowing access were configured by the administrator or the user is an authorized remote user.
DMZ and NAT
See
for an overview of NAT.
If you do not configure SUA NAT or any full feature NAT mapping rules for the public IP
addresses on the DMZ, the ZyWALL will route traffic to the public IP addresses on the DMZ
without performing NAT. This may be useful for hosting servers for NAT unfriendly
applications.
If the DMZ computers use private IP addresses, use NAT if you want to make them publicly
accessible.
addresses on the DMZ, the ZyWALL will route traffic to the public IP addresses on the DMZ
without performing NAT. This may be useful for hosting servers for NAT unfriendly
applications.
If the DMZ computers use private IP addresses, use NAT if you want to make them publicly
accessible.
DHCP
Like the LAN, the ZyWALL can also assign TCP/IP configuration via DHCP to computers
connected to the DMZ ports.
See
connected to the DMZ ports.
See
for more information on DHCP.
IP alias
See
for more information on IP alias.
Port roles
See
for more information on port roles.
9.1.3 DMZ Public IP Address Example
The following figure shows a simple network setup with public IP addresses on the WAN and
DMZ and private IP addresses on the LAN. Lower case letters represent public IP addresses
(like a.b.c.d for example). The LAN port and connected computers (A through C) use private
IP addresses that are in one subnet. The DMZ port and connected servers (D through F) use
public IP addresses that are in another subnet. The public IP addresses of the DMZ and WAN
ports are in separate subnets.
DMZ and private IP addresses on the LAN. Lower case letters represent public IP addresses
(like a.b.c.d for example). The LAN port and connected computers (A through C) use private
IP addresses that are in one subnet. The DMZ port and connected servers (D through F) use
public IP addresses that are in another subnet. The public IP addresses of the DMZ and WAN
ports are in separate subnets.