|
|
Note!
For the SonicWALL PRO 100, PRO 200, PRO 300, PRO 230, PRO 330, and GX series
only.
The SonicWALL provides security by preventing Internet users from accessing machines on the LAN. This security, however, also prevents users from reaching public servers, such as Web or e-mail servers.
The SonicWALL offers a special DMZ ("Demilitarized Zone") port that provides Internet access to network servers. The DMZ sits between the local network and the Internet. Servers on the DMZ are publicly accessible, but they are protected from attacks such as SYN Flood and Ping of Death. Use of the DMZ port is optional.
Using the DMZ is a strongly recommended alternative to placing servers on the WAN port where they are not protected or established Public LAN servers.
Servers on the DMZ must have unique, valid IP addresses in the same subnet as the SonicWALL WAN IP Address. Your ISP should be able to provide these IP addresses, as well as information on setting up public servers.
To configure DMZ Addresses, complete the following instructions.
Enter the starting IP address of your valid IP address range in the From Address field.
Enter the ending IP address of your valid IP address range in the To Address field.
Alert!
You can enter an individual IP address in the From Address field only.
Click Update. Once the SonicWALL has been updated, a message confirming the update is displayed at the bottom of the browser window.
If you receive an error when you click Update, confirm that the DMZ Address Range does not include the SonicWALL WAN IP Address, the WAN Gateway (Router) Address, or any IP addresses assigned on the One-to-One NAT or Intranet windows.
Tip!
The SonicWALL supports up to 64 DMZ address ranges.
The SonicWALL DMZ has the ability to use private internal IP addresses rather than public IP addresses on the network. Since NAT hides the true IP addresses in use on the network, NAT on the DMZ is an additional security feature for the SonicWALL. The outside world only sees the outside public IP address of the DMZ and not the internal private addresses.
To configure the DMZ in NAT Mode, use the following instructions:
In the DMZ Private Address field, enter the private internal IP address assigned to the DMZ interface.
Assign a subnet mask in the DMZ Subnet Mask field. The LAN and DMZ can have the same subnet mask, but the subnets must be different. For instance, the LAN subnet can be 192.168.0.1 with a subnet mask of 255.255.255.0, and the DMZ subnet can be 172.16.18.1 with a subnet mask of 255.255.255.0.
If you choose to use DMZ NAT Many to One Public Address (Optional), enter the DMZ public IP address which is on the same subnet as the WAN for access to devices on the DMZ interface. DMZ NAT Many to One Public Address is only available if your SonicWALL is configured in NAT Enabled networking mode.
To delete an address or range, select it in the Address Range list and click Delete Range. Once the SonicWALL has been updated, a message confirming the update is displayed at the bottom of the browser window.