How to create DMZ on NSG?

Zyxel_Melen
Zyxel_Melen Posts: 2,403  Zyxel Employee

A DMZ (Demilitarized Zone) is a separate area of your network where you place public servers that must be reachable from external networks. The typical rule is to allow traffic into the DMZ from both the WAN and the LAN, but not to allow traffic from the DMZ to the LAN. This helps prevent external attackers from using a DMZ server as a stepping stone to affect the security of important internal devices.

Nebula does not have a DMZ option for the security gateway. However, you can use a guest interface and a NAT rule to create a DMZ.

NSG 200 is used as an example in this FAQ.

Configuration steps:

  1. Navigate to the interface page and assign a port to port group 2.
  2. Set LAN 2 to use port group 2 and configure its interface settings.
  3. To make LAN 2 a DMZ, enable the guest interface function on it.
  4. Create a NAT rule for your server in the DMZ. Path: Security gateway > Firewall. You can refer to the following FAQ to set the virtual server rule:
    https://community.zyxel.com/en/discussion/11998

Verify:

Client: 192.168.11.33 ( LAN 1 )

Server: 192.168.13.11 ( DMZ / LAN 2 )

  • The LAN 1 client can ping the DMZ server.
  • The DMZ server cannot ping the LAN 1 client.
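
The two checks above can be scripted so they are repeatable after every configuration change. This is an added example, not part of the original FAQ or a Zyxel tool: the script name `verify_dmz.sh`, the `DMZ_GW` address and the assumption that the LAN 2 gateway answers ping are hypothetical, and the `ping` flags assume Linux iputils.

```shell
#!/bin/sh
# Added example: run as "verify_dmz.sh lan" on the LAN 1 client and
# "verify_dmz.sh dmz" on the DMZ server. Assumes Linux iputils ping.
LAN_CLIENT="${LAN_CLIENT:-192.168.11.33}"   # from the Verify section
DMZ_SERVER="${DMZ_SERVER:-192.168.13.11}"   # from the Verify section
DMZ_GW="${DMZ_GW:-192.168.13.1}"            # assumed LAN 2 gateway IP, not from the FAQ

# probe HOST: succeeds when HOST answers ICMP echo (3 tries, 2 s timeout).
probe() {
    ping -c 3 -W 2 "$1" >/dev/null 2>&1
}

# check_dmz ROLE: 0 = expected result, 1 = policy not as expected,
# 2 = bad usage, 3 = inconclusive (the control probe failed).
check_dmz() {
    case "$1" in
    lan)
        if probe "$DMZ_SERVER"; then
            echo "PASS: LAN 1 client reaches DMZ server $DMZ_SERVER"
        else
            echo "FAIL: LAN 1 client cannot reach DMZ server $DMZ_SERVER"
            return 1
        fi ;;
    dmz)
        # Control: a silent LAN host only indicates isolation if this
        # server's own link to its gateway is working.
        if ! probe "$DMZ_GW"; then
            echo "INCONCLUSIVE: DMZ gateway $DMZ_GW not reachable"
            return 3
        fi
        if probe "$LAN_CLIENT"; then
            echo "FAIL: DMZ server reaches LAN 1 client $LAN_CLIENT"
            return 1
        fi
        echo "PASS: DMZ server cannot reach LAN 1 client $LAN_CLIENT" ;;
    *)
        echo "usage: $0 lan|dmz" >&2
        return 2 ;;
    esac
}

# Run the check only when a role is given on the command line.
if [ $# -gt 0 ]; then
    check_dmz "$1"
fi
```

A PASS in the `dmz` role is only meaningful if the LAN 1 client is powered on and answers ping from its own subnet; a host firewall that drops ICMP on the client produces the same silence as a working DMZ.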