Configuring Demilitarized Zone (DMZ)

Demilitarized zone (DMZDemilitarized zone - A security method that separates internal LAN networks from external networks.) is a special segment of the local network reserved for servers accessible from the Internet. It is not allowed to access the local network from this segment — if a server in the DMZ is attacked, it is impossible for the attacker to reach other servers and computers located in the local network.

Configuring DMZ

As an example we will suppose rules for a web server located in the DMZ. The demilitarized zone is connected to the DMZ interface included in group Other Interfaces. The DMZ uses subnet 192.168.2.x, the web server's IP addressAn identifier assigned to devices connected to a TCP/IP network. is

Now you will add the following rules:

Traffic rules for the DMZ


To make multiple servers accessible in the DMZ, it is possible to use multiple public IP addresses on the firewall's Internet interface — so called multihoming.