

Default DMZ Server

Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule. Instead of discarding this traffic, you can have it forwarded to one computer on your network. This computer is called the Default DMZ Server.

The Default DMZ Server feature is helpful when using some online games and video conferencing applications that are incompatible with NAT. The firewall is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local PC can run the application properly if that PC's IP address is entered as the Default DMZ Server for a particular service.

The DMZ Server screen is used for setting up a firewall rule for traffic coming from the WAN to the DMZ. Inbound traffic for a service can be blocked or allowed by default, or according to a schedule (defined on the Schedule page under the Security menu).

To assign a computer or server to be a Default DMZ server:

  1. Click the DMZ WAN Rules tab.
  2. When the DMZ WAN Rules screen displays, click Add.
  3. From the Service pull-down menu, select the service to allow or block. The service is identified by a unique name that usually indicates the type of traffic the rule covers, such as ftp, ssh, telnet, or ping. Services not already in the list can be added from the Security > Services screen.
  4. Enter the Send to DMZ Service address of the device on the DMZ which is hosting the server.
  5. Select the port number checkbox and enter a port number ONLY if the server is listening on a port other than the default. For example, if a machine on the DMZ side is running a telnet server on port 2000, then select the Translate to Port Number checkbox and type 2000 in the Port field. If it is listening on the default port 23, then the box can be left unchecked.
  6. From the WAN Users pull-down menu, select the specific IP addresses on the WAN that will be affected by the rule. This rule will affect packets for the selected service to the defined IP address or range of IP addresses on the WAN side.
    • Any: All IP addresses on the WAN will be affected by the rule.
    • Single Address: A single WAN IP address will be affected by the rule.
    • Address Range: A range of IP addresses on the DMZ network will be affected by the rule.
  7. Click Apply to save your settings.

Note: For security, NETGEAR strongly recommends that you avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.
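
The rule fields from the steps above, modelled as an added Python example (not NETGEAR firmware and not code from this manual), showing how the WAN Users selection and the port translation decide what reaches the DMZ host. First-match evaluation, the field names, and all addresses are assumptions constructed for illustration.

```python
# Added illustration: a model of how a DMZ WAN rule is evaluated.
# Field names mirror the screen; the logic is an assumption, not device code.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

DEFAULT_PORTS = {"telnet": 23, "ssh": 22, "ftp": 21}  # well-known defaults

@dataclass
class DmzWanRule:
    service: str                          # Service pull-down
    action: str                           # "allow" or "block"
    send_to: str                          # address of the DMZ server
    wan_users: str = "any"                # "any", "single" or "range"
    wan_start: Optional[str] = None
    wan_end: Optional[str] = None
    translate_port: Optional[int] = None  # set only for a non-default port

    def matches(self, src: str, dst_port: int) -> bool:
        if dst_port != DEFAULT_PORTS[self.service]:
            return False
        if self.wan_users == "any":
            return True
        ip = ip_address(src)
        if self.wan_users == "single":
            return ip == ip_address(self.wan_start)
        return ip_address(self.wan_start) <= ip <= ip_address(self.wan_end)

def handle_inbound(rules, src, dst_port):
    """Return ("forward", dmz_ip, dmz_port) or ("discard", None, None)."""
    for rule in rules:                    # assumption: first matching rule wins
        if rule.matches(src, dst_port):
            if rule.action == "block":
                break
            return ("forward", rule.send_to, rule.translate_port or dst_port)
    return ("discard", None, None)        # default for unsolicited traffic

def audit(rules):
    """List services allowed from every WAN address (widest exposure)."""
    return [r.service for r in rules
            if r.action == "allow" and r.wan_users == "any"]

# Constructed sample: telnet server on the DMZ listening on port 2000,
# reachable only from a WAN address range; ssh left open to Any.
RULES = [
    DmzWanRule("telnet", "allow", "192.168.10.5", "range",
               "203.0.113.10", "203.0.113.20", translate_port=2000),
    DmzWanRule("ssh", "allow", "192.168.10.5"),
]
```

Running `audit(RULES)` on an exported rule list is a quick way to spot services still set to Any before narrowing them to a single address or range.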

NETGEAR, Inc.
http://www.netgear.com