Routing and WAN connections
BAT54-Rail/F..
Release
7.54
06/08
11.5
Demilitarized Zone (DMZ)
379
D With a ’Deny All’ strategy (see ’Set-up of an explicit "Deny All" strategy’
→ page 283): Allow access from "All stations in local network" to
123.45.67.2
11.5Demilitarized Zone (DMZ)
A demilitarized zone (DMZ) makes certain routers in a network accessible
from the Internet. These computers in the DMZ are generally used to offer
Internet services such as e-mail or similar services. The rest of the network
should of course be unaccessible for attackers on the Internet.
In order to allow this architecture, data traffic between the three zones Inter-
net, DMZ and LAN must be analyzed by a firewall. The firewall's tasks can
also be consolidated in a single device (router). For this, the router needs
three interfaces that can be monitored separately from each other by the fire-
wall:
D LAN interface
D WAN interface
D DMZ interface
11.5.1 Assigning interfaces to the DMZ
To configure the DMZ the corresponding interface is defined as the DMZ in-
terface.
Configuration with LANconfig
Ethernet ports are defined in LANconfig in the configuration area 'Interfaces'
on the 'LAN' tab under 'Ethernet ports'.
To Next Page
Loading...
