TRENDnet TEW-633GR manual DMZ Host, Enable DMZ

Page 43

DMZ Host

DMZ means "Demilitarized Zone." If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer.

When a LAN host is configured as a DMZ host, it becomes the destination for all incoming packets that do not match some other incoming session or rule. If any other ingress rule is in place, that will be used instead of sending packets to the DMZ host; so, an active session, virtual server, active port trigger, or port forwarding rule will take priority over sending a packet to the DMZ host. (The DMZ policy resembles a default port forwarding rule that forwards every port that is not specifically sent anywhere else.)

The router provides only limited firewall protection for the DMZ host. The router does not forward a TCP packet that does not match an active DMZ session, unless it is a connection establishment packet (SYN). Except for this limited protection, the DMZ host is effectively "outside the firewall". Anyone considering using a DMZ host should also consider running a firewall on that DMZ host system to provide additional protection.

Packets received by the DMZ host have their IP addresses translated from the WAN-side IP address of the router to the LAN-side IP address of the DMZ host. However, port numbers are not translated; so applications on the DMZ host can depend on specific port numbers.

The DMZ capability is just one of several means for allowing incoming requests that might appear unsolicited to the NAT. In general, the DMZ host should be used only if there are no other alternatives, because it is much more exposed to cyber attacks than any other system on the LAN. Thought should be given to using other configurations instead: a virtual server, a port forwarding rule, or a port trigger. Virtual servers open one port for incoming sessions bound for a specific application (and also allow port redirection and the use of ALGs). Port forwarding is rather like a selective DMZ, where incoming traffic targeted at one or more ports is forwarded to a specific LAN host (thereby not exposing as many ports as a DMZ host). Port triggering is a special form of port forwarding, which is activated by outgoing traffic, and for which ports are only forwarded while the trigger is active.

Few applications truly require the use of the DMZ host. Following are examples of when a DMZ host might be required:

A host needs to support several applications that might use overlapping ingress ports such that two port forwarding rules cannot be used because they would potentially be in conflict.

To handle incoming connections that uses a protocol other than ICMP, TCP, UDP, and IGMP (also GRE and ESP, when these protocols are enabled by the PPTP and IPSec ALGs ).

Enable DMZ

Putting a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.

43

Image 43
Contents Page FCC Radiation Exposure Statement Important NoteTable of Contents Getting Started with the TEW-633GR Package Contents AD-HOCIBSS Network Wireless LAN NetworkingPage Roaming in an ESS network diagram Introduction ¾ Hardware Overview LEDs Getting Started ¾ Click Login Using the Configuration MenuBasicInternet BasicEnable Wireless BasicWirelessWEP WPA-Personal and WPA-Enterprise ExampleWPA-Personal WPA-Enterprise Advanced Optional Backup Radius ServerBridge Mode BasicNetwork SettingsWAN Port Mode Router ModeIP Address Router SettingsEnable RIP RIP Operating modeDhcp Server Settings Act as default routerAllow RIP updates from WAN RIP PasswordDhcp Lease Time MAC Address Always BroadcastAdd/Edit Dhcp Reservation Computer NameReserve Dhcp Reservations ListNumber of Dynamic Dhcp Clients RevokeAdvancedVirtual Server AdvancedPublic Port Virtual Server Parameters NameProtocol Private PortVirtual Servers List EnableAdd/Edit Virtual Server SaveTrigger Port Range AdvancedSpecial ApplicationsParameters for an Application Rule Example ApplicationAdd/Edit Special Applications Rule Trigger ProtocolInput Port Range Input ProtocolAdvancedGaming Edit/Add Game Rule Port Forwarding Fields NameTCP Ports To Open UDP Ports To OpenAdvancedStreamEngine StreamEngine Setup Enable StreamEngineMeasured Uplink Speed Automatic ClassificationDynamic Fragmentation Automatic Uplink SpeedSource Port Range Add/Edit StreamEngine Rule EnablePriority Source IP RangeAdd/Edit Route AdvancedRoutingAdd Policy AdvancedAccess ControlRoutes List Policy WizardWeb Filter Parameters Web Site AdvancedWEB FilterAdd/Edit Web Site Allowed Web Site List AdvancedMAC Address Filter Enable MAC Address FilterAdd/Edit MAC Address Filter Settings ModeFilter Wireless Clients Filter Wired ClientsAdvancedFirewall Address Restricted Firewall Settings Enable SPINAT Endpoint Filtering Endpoint IndependentDMZ Host Enable DMZRtsp PptpSIP FTPMMS AdvancedInbound Filter Allow All Add/Edit Inbound Filter RuleAction Inbound Filter Rules ListAdvancedAdvanced Wireless WDS AP MAC Address Extra Wireless ProtectionWDS Enable Short GIAdvancedNetwork Priority Classifiers Enable WishAdvanced Wish WishHost 1 IP Range Windows Media CenterAutomatic Add/Edit Wish RuleWish Rules Save/UpdateHost 2 Port Range ClearAdvanced Wi-Fi Protected Setup Add Wireless Device Wizard Add Wireless StationGenerate New PIN Tools ToolsAdminRemote Admin Port Admin PasswordUser Password Enable Remote ManagementToolsTime NTP Server Used Automatic Time Configuration Enable NTP ServerSet the Date and Time Manually ToolsEmail Settings Account Name PasswordVerify Password Email Log When Full or on Schedule On Log FullReboot The Device Save Settings To Local Hard DriveLoad Settings From Local Hard Drive Restore To Factory Default SettingsFirmware Information ToolsFirmwareCheck Online Upload Firmware UpgradeToolsDynamic DNS Timeout Verify Password or KeyToolsSystem Check ToolsSchedules Schedule Rules List Statistics and Active Sessions StatusDevice infoDhcp Connection Igmp Multicast memberships PPPoE, PPTP, L2TP ConnectionBigPond Connection LAN ComputersSignal StatusWirelessRate StatusRouting What to View StatusLogsEmail Now Apply Log Settings NowView Levels RefreshStatusStatistics NAT StatusActive SessionsInternal ExternalTime Out StateDir OutOriginator StatusWISH SessionsTarget Established or closing TCP connections Adsl Ascii BootpCAT DMZ DhcpDNS EAP DSLGUI Igmp HttpsIcmp IeeeLAN IPXISP L2TPMIB LPR/LPDMDI MdixOSI NICNTP OfdmPPP POP3Radius Snmp RIPRSA SmtpTCP/IP SSHSsid TCPVlan URLUSB UTPWlan WispWPA Limited Warranty
Related manuals
Manual 12 pages 53.04 Kb

TEW-633GR specifications

The TRENDnet TEW-633GR is a versatile wireless router that caters to both home and small office environments, providing reliable connectivity and performance. With its sleek design, the TEW-633GR stands out as a functional device that ensures users can enjoy high-speed internet access across various devices.

One of the main features of the TEW-633GR is its dual-band support. This router operates on both the 2.4GHz and 5GHz frequency bands, allowing users to take advantage of the less congested 5GHz band for activities requiring higher bandwidth, such as streaming and online gaming, while still maintaining compatibility with devices that only use the 2.4GHz band. This dual-band functionality enhances overall network performance and minimizes interference from other wireless devices.

The TEW-633GR delivers impressive wireless speeds, supporting the 802.11n wireless standard with speeds of up to 300 Mbps. This makes it an excellent choice for environments where multiple devices are connected simultaneously. Additionally, the router features three external antennas that help extend the wireless range and improve signal strength, ensuring consistent internet access throughout larger spaces.

In terms of security, the TRENDnet TEW-633GR offers several robust features to safeguard the network. It supports WPA/WPA2 encryption protocols, providing secure access to the wireless network while protecting sensitive data from potential intrusions. The integrated firewall adds an extra layer of security, helping to prevent unauthorized access and attacks.

Installation and setup of the TEW-633GR is user-friendly, with a web-based interface that guides users through the process. The inclusion of WPS (Wi-Fi Protected Setup) allows for quick and easy connections of compatible devices at the push of a button, eliminating the need for complicated configurations.

Moreover, the router incorporates Quality of Service (QoS) settings, which enable users to prioritize bandwidth allocation for specific applications or devices. This feature is particularly beneficial for households or offices with high demands on their internet connection, ensuring that critical tasks receive the necessary bandwidth to function optimally.

Overall, the TRENDnet TEW-633GR combines speed, reliability, and security, making it an ideal solution for users looking to enhance their wireless networking experience. Its dual-band capabilities, ease of installation, and robust security features contribute to its appeal as a modern router suited for diverse internet needs.