How to create DMZ on NSG?

Zyxel_Melen
Zyxel_Melen Posts: 2,567  Zyxel Employee
Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

A DMZ (Demilitarized Zone) is a concept in your network to create a public area where you can place public servers for external network access. The typical rule is to allow traffic from both the WAN and LAN, but not to allow traffic from the DMZ to the LAN. This helps prevent external attackers from using it as a stepping stone to affect the security of important internal devices.

Nebula does not have a DMZ option for security gateway. However, you can use guest interface and NAT rule to create a DMZ.

NSG 200 is used as an example in this FAQ.

Configuration step:

  1. Navigate to the interface page and assign a port to port group 2.
  2. Configure LAN 2 as port group 2 and the interface settings.
  3. To make LAN 2 as a DMZ, please enable the guest interface function.
  4. Create a NAT rule for your server under DMZ. Path: Security gateway > Firewall You can reference these FAQs to set the virtual server rule:
    https://community.zyxel.com/en/discussion/11998

Verify:

Client: 192.168.11.33 ( LAN 1 )

Server: 192.168.13.11 ( DMZ / LAN 2 )

  • LAN 1 client can ping to DMZ server.
  • DMZ server cannot ping to LAN 1 client.

Zyxel Melen