How to create DMZ on NSG?
Zyxel_Melen
Posts: 2,567 Zyxel Employee
A DMZ (Demilitarized Zone) is a concept in your network to create a public area where you can place public servers for external network access. The typical rule is to allow traffic from both the WAN and LAN, but not to allow traffic from the DMZ to the LAN. This helps prevent external attackers from using it as a stepping stone to affect the security of important internal devices.
Nebula does not have a DMZ option for security gateway. However, you can use guest interface and NAT rule to create a DMZ.
NSG 200 is used as an example in this FAQ.
Configuration step:
- Navigate to the interface page and assign a port to port group 2.
- Configure LAN 2 as port group 2 and the interface settings.
- To make LAN 2 as a DMZ, please enable the guest interface function.
- Create a NAT rule for your server under DMZ. Path: Security gateway > Firewall
https://community.zyxel.com/en/discussion/11998
You can reference these FAQs to set the virtual server rule:
Verify:
Client: 192.168.11.33 ( LAN 1 )
Server: 192.168.13.11 ( DMZ / LAN 2 )
- LAN 1 client can ping to DMZ server.
- DMZ server cannot ping to LAN 1 client.
Zyxel Melen
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight