DMZ Configuration Example

Document revision: 1 (Tue Jul 06 09:29:40 GMT 2004)
Applies to: V2.8

Application Examples

Summary

This manual describes how to add DMZ hosts to a network.

Description

Short for demilitarized zone, the term comes from military use, where it means a buffer area between two enemies. Applied to IT, it means a computer or a small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.

Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers.

Example

Consider the network diagram below:

[Figure: DMZ network diagram]

The router should have 3 NICs:

[admin@gateway] interface> print
Flags: X - disabled, D - dynamic, R - running
 #    NAME                         TYPE             RX-RATE    TX-RATE    MTU
 0  R Public                       ether            0          0          1500
 1  R Local                        ether            0          0          1500
 2  R DMZ-zone                     ether            0          0          1500
[admin@gateway] interface>