ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
3-20 LAN Configuration
v1.0, April 2010
To reserve an IP address, select Reserved (DHCP Client) from the IP Address Type drop-down 
list on the LAN Groups screen as described in “Adding PCs or Devices to the Network Database” 
on page 3-17 or on the Edit Groups and Hosts screen as described in “Editing PCs or Devices in 
the Network Database” on page 3-18.
Configuring and Enabling the DMZ Port
The demilitarized zone (DMZ) is a network that, by default, has fewer firewall restrictions when 
compared to the LAN. The DMZ can be used to host servers (such as a Web server, FTP server, or 
email server) and provide public access to them. The fourth LAN port on the VPN firewall (the 
rightmost LAN port) can be dedicated as a hardware DMZ port to safely provide services to the 
Internet without compromising security on your LAN. By default, the DMZ port and both inbound 
and outbound DMZ traffic are disabled. Enabling the DMZ port and allowing traffic to and from 
the DMZ increases the traffic through the WAN ports.
Using a DMZ port is also helpful with online games and videoconferencing applications that are 
incompatible with NAT. The VPN firewall is programmed to recognize some of these applications 
and to work correctly with them, but there are other applications that might not function well. In 
some cases, local PCs can run the application correctly if those PCs are used on the DMZ port.
The DMZ Setup screen lets you set up the DMZ port. It permits you to enable or disable the 
hardware DMZ port (LAN port 4, see “Front Panel” on page 1-7) and configure an IP address and 
subnet mask for the DMZ port.
Note: The reserved address is not assigned until the next time the PC or device contacts 
the VPN firewall’s DHCP server. Reboot the PC or device, or access its IP 
configuration and force a DHCP release and renew.
Note: A separate firewall security profile is provided for the DMZ port that is also 
physically independent of the standard firewall security component that is used for 
the LAN.