Appendix C Implementing a DMZ with Corente

In networking, the demilitarized zone (DMZ) is a buffer between the private LAN and the public Internet or WAN. Servers that will be accessed both by machines on the private LAN and machines over the Internet/WAN, such as web or mail servers, are often placed in this zone to prevent unwanted traffic from the Internet/WAN from infiltrating the private LAN.

To implement a DMZ with Corente:

  • Your DMZ must consist of a single, fixed-address subnet, configured with private addresses.

  • Your Corente Virtual Services Gateway must be using an Inline configuration.

  • An extra (1) Ethernet card must be installed in the gateway hardware (in addition to the two (2) Ethernet cards required for an Inline configuration), configured with an IP address on the same private subnet as the DMZ servers.

  • If you have multiple servers in the DMZ that will be using the same port number(s) to receive traffic, one of these servers can use the WAN address of the gateway to receive traffic, but you must obtain a routable address for each additional server.

Traffic reaches servers on the DMZ via port forwarding from the gateway’s WAN interface. To prevent security breaches of your LAN, all traffic to and from the DMZ is denied unless explicitly permitted in App Net Manager.
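The following is an added illustration, not part of the Corente documentation and not how App Net Manager configures the gateway: it expresses the same policy shape (three-interface inline gateway, port forwarding from the WAN address to DMZ hosts, default deny for everything crossing the DMZ boundary, one server per WAN address and port) as Linux iptables rules. Interface names, addresses, the server list and the helper names (`check_plan`, `forward_port`, `dmz_policy`) are assumptions made for the example. It prints the rules instead of applying them unless `IPT=iptables` is set and it is run as root.

```shell
#!/bin/sh
# Added example (not Corente's own configuration): a DMZ policy for an inline
# gateway with three NICs, written as iptables rules. All names and addresses
# below are assumptions chosen for illustration.
set -eu

WAN_IF=eth0   # public side
LAN_IF=eth1   # private LAN side
DMZ_IF=eth2   # the extra NIC, addressed on the DMZ subnet

DMZ_NET=192.168.50.0/24   # single fixed-address private DMZ subnet (constructed)
LAN_NET=10.0.0.0/24       # private LAN (constructed)

# Dry run by default: rules are printed, not applied. Set IPT=iptables to apply.
IPT=${IPT:-"echo iptables"}

# Port-forward plan, one entry per line: "<wan_addr> <proto> <port> <dmz_host>".
# 203.0.113.10 is the gateway's own WAN address; 203.0.113.11 is the extra
# routable address needed because a second server also listens on 80/tcp.
PLAN='203.0.113.10 tcp 80 192.168.50.10
203.0.113.10 tcp 25 192.168.50.20
203.0.113.11 tcp 80 192.168.50.30'

# Reject a plan in which two DMZ hosts claim the same (WAN address, proto, port):
# only one server can sit behind a given WAN address for a given port.
check_plan() {
  dups=$(printf '%s\n' "$1" | awk '{print $1, $2, $3}' | sort | uniq -d)
  if [ -n "$dups" ]; then
    echo "conflicting forwards: $dups" >&2
    return 1
  fi
  return 0
}

# forward_port <wan_addr> <proto> <port> <dmz_host>
forward_port() {
  # Rewrite the destination of traffic arriving on the WAN interface for this
  # WAN address/port to the DMZ host...
  $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$1" -p "$2" --dport "$3" \
    -j DNAT --to-destination "$4:$3"
  # ...and explicitly permit that forwarded flow into the DMZ.
  $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$4" -p "$2" --dport "$3" \
    -m conntrack --ctstate NEW -j ACCEPT
}

dmz_policy() {
  check_plan "$PLAN" || return 1
  # Default deny: nothing crosses the gateway unless a rule below permits it.
  $IPT -P FORWARD DROP
  # Replies belonging to permitted connections may flow back.
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Explicitly permitted: LAN clients to the DMZ web server on 80/tcp.
  $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -d 192.168.50.10 -p tcp --dport 80 \
    -m conntrack --ctstate NEW -j ACCEPT
  # The DMZ never initiates towards the LAN; stated as a rule so it can be
  # counted and logged separately from the catch-all policy.
  $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -s "$DMZ_NET" -d "$LAN_NET" -j DROP
  # Port forwards from the plan.
  printf '%s\n' "$PLAN" | while read -r addr proto port host; do
    forward_port "$addr" "$proto" "$port" "$host"
  done
}

dmz_policy
```

Because the FORWARD policy is DROP, a DMZ host that is compromised cannot open connections to the LAN, and a WAN client can only reach the specific DMZ host and port named in a forward; a second entry in `PLAN` reusing `203.0.113.10 tcp 80` is rejected by `check_plan` before any rule is emitted.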