Configure the device using the web interface: Network configuration
Digi Connect Family and ConnectPort TS Family
• Enable DMZ Forwarding to this IP address: DMZ Forwarding allows you to specify a
single host (DMZ Server) on the private (internal) network that is available to anyone with
access to the NAT Public Interface IP address, for any TCP- and UDP-based services that
haven't been configured. Services enabled directly on the Digi device take precedence over
(are not overridden by) DMZ Forwarding. Similarly, TCP and UDP port forwarding rules take
precedence over DMZ Forwarding (please see Forward TCP/UDP/FTP Connections
below). DMZ Forwarding is effectively a lowest-priority default port forwarding rule that
doesn't permit the same remapping of port numbers between the public and private
networks as is possible if you use explicit port forwarding rules.
If enabled, incoming TCP and UDP packets from the public (external) network for which
there is no other rule use the DMZ Forwarding rule. These other rules include explicit
port forwarding rules or existing dynamic rules that were created for previous
communications, be those outbound (private to public) or inbound (public to private).
Also, the DMZ Forwarding rule is not used if there is a local port on the Digi device to which
the packet may be delivered. This includes TCP service listener ports as well as UDP ports
that are open for various services and clients. DMZ Forwarding does not interfere with
established TCP or UDP connections, either to local ports or through configured or
dynamic NAT rules. Outbound communications (private to public) from the DMZ Server are
handled in the same manner as the outbound communications from other hosts on that
same private network.
WARNING! DMZ Forwarding presents security risks for the DMZ Server.
Configure the DMZ Forwarding option only if you understand and are willing
to accept the risks associated with providing open access to this server and
your private network.
▪ Forward protocol connections from external networks to the following internal devices:
Enables protocol forwarding to the specified internal devices. Currently, the only IP protocols
for which protocol forwarding is supported are:
• Generic Routing Encapsulation (GRE, IP protocol 47).
• Encapsulating Security Payload (ESP, IP protocol 50, tunnel mode only).
These are routing protocols that route (tunnel) various types of information between networks.
If your network needs to use the GRE or ESP protocol between the public and private
networks, enable this feature accordingly.
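
The precedence described for DMZ Forwarding above can be modelled to check which services on the DMZ Server end up reachable from the public side. This is an added example, not Digi code: the addresses, ports and rules are constructed, the relative order of the local-port, port-forward and dynamic-rule checks is an assumption (the manual only states that DMZ Forwarding is consulted last), and "unmatched" is this model's label for a packet no rule claims.

```python
from typing import NamedTuple

class Forward(NamedTuple):      # explicit port forwarding rule
    proto: str                  # "tcp" or "udp"
    public_port: int
    host: str                   # private-side host
    private_port: int           # may differ from public_port (remapping)

class Flow(NamedTuple):         # key of an inbound packet from the public side
    proto: str
    src: str
    sport: int
    dport: int

def dispatch(flow, local_ports, forwards, dynamic, dmz_host):
    """Return (handler, host, port) for an inbound packet.
    DMZ Forwarding is used only when nothing else claims the packet."""
    if (flow.proto, flow.dport) in local_ports:        # service on the device itself
        return ("local", None, flow.dport)
    for f in forwards:                                 # explicit rule, may remap the port
        if (f.proto, f.public_port) == (flow.proto, flow.dport):
            return ("port-forward", f.host, f.private_port)
    if flow in dynamic:                                # rule left by earlier traffic
        return ("dynamic", *dynamic[flow])
    if dmz_host is not None:                           # lowest priority, same port number
        return ("dmz", dmz_host, flow.dport)
    return ("unmatched", None, None)

def dmz_exposure(dmz_services, local_ports, forwards):
    """Services on the DMZ Server that new inbound connections reach via the DMZ rule."""
    claimed = set(local_ports) | {(f.proto, f.public_port) for f in forwards}
    return sorted(s for s in dmz_services if s not in claimed)

# Constructed sample configuration (not taken from any real device).
LOCAL = {("tcp", 80), ("tcp", 443), ("udp", 161)}
FORWARDS = [Forward("tcp", 2222, "192.168.1.20", 22)]
DMZ_HOST = "192.168.1.50"
DMZ_SERVICES = {("tcp", 22), ("tcp", 80), ("tcp", 2222), ("tcp", 3389), ("udp", 161)}

if __name__ == "__main__":
    for proto, port in dmz_exposure(DMZ_SERVICES, LOCAL, FORWARDS):
        print(f"publicly reachable on DMZ Server: {proto}/{port}")
```

Running the audit before enabling the option shows which listeners on the DMZ Server should be closed or firewalled on that host.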