How to create DMZ on NSG?
Options
Zyxel_Melen
Posts: 4,035 
Guru Member
Guru Member
A DMZ (Demilitarized Zone) is a concept in your network to create a public area where you can place public servers for external network access. The typical rule is to allow traffic from both the WAN and LAN, but not to allow traffic from the DMZ to the LAN. This helps prevent external attackers from using it as a stepping stone to affect the security of important internal devices.
Nebula does not have a DMZ option for security gateway. However, you can use guest interface and NAT rule to create a DMZ.
NSG 200 is used as an example in this FAQ.
Configuration step:
- Navigate to the interface page and assign a port to port group 2.
- Configure LAN 2 as port group 2 and the interface settings.
- To make LAN 2 as a DMZ, please enable the guest interface function.
- Create a NAT rule for your server under DMZ. Path: Security gateway > Firewall
You can reference these FAQs to set the virtual server rule:
https://community.zyxel.com/en/discussion/11998
Verify:
Client: 192.168.11.33 ( LAN 1 )
Server: 192.168.13.11 ( DMZ / LAN 2 )
- LAN 1 client can ping to DMZ server.
- DMZ server cannot ping to LAN 1 client.
Zyxel Melen
0
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 200 Nebula Ideas
- 126 Nebula Status and Incidents
- 6.3K Security
- 498 USG FLEX H Series
- 323 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.8K Consumer Product
- 286 Service & License
- 457 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 96 Security Highlight