Overview
A demilitarized zone (DMZ) is a physical or logical sub-network that separates an internal LAN from other untrusted networks (usually the Internet). Servers in a DMZ network will be accessible from the Internet (untrusted networks) but will be isolated from the local private network (trusted network). If public servers are hacked, using a DMZ prevents malicious parties from gaining access to private networks.
The implementation of DMZ in our GWN7052(F)/GWN7062 routers will be done by setting up the device we want to exclude as a DMZ host, as the illustration below shows:
Setting up a DMZ host
Setting up a DMZ designates a device as a DMZ host and will forward all the ports to that device, a common use for DMZ will be to put a web server and configure it as a DMZ host.
Note that the device in the DMZ should be configured with a static IP.
in the above setup, the GWN7062 will be set as the firewall and the other connected devices by cable or wirelessly to it will be safe behind that firewall, while the web server will be on the opposite side and will be exposed and set up as the DMZ host.
To configure the DMZ host on the GWN7062/GWN7052(F), navigate to “External access → DMZ” and set the following:
- Enable DMZ host.
- Set the Destination Group for WAN1.
- Set the DMZ Hostname IP Address, we can take for example the IP address of our web server to have full access to the internet and be isolated from our LAN.
- If Two WANs are configured, then set the Destination Group and Hostanme IP Address For WAN2.
Now with this implementation, the web server will have full access to the internet with all ports being able to be forwarded to it.
