ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual

3.In the Add Secondary LAN IP Address section, enter the additional IP address and subnet mask to be assigned to the LAN port of the VPN firewall.

4.Click Add. The secondary LAN IP address will be added to the Available Secondary LAN IPs table.

To make changes to the Available Secondary LAN IPs table, use the following buttons:

Select All. Selects all the entries in the Available Secondary LAN IPs table.

Delete. Deletes selected entries from the Available Secondary LAN IPs table.

Note: Additional IP addresses cannot be configured in the DHCP server. The hosts on the secondary subnets must be manually configured with the IP addresses, gateway IP and DNS server IPs.

Warning: Make sure that the secondary IP addresses are different from the LAN, WAN, DMZ, and any other subnet addresses that are attached to the VPN firewall. Example of correct addresses:

WAN IP address: 10.0.0.1 with subnet 255.0.0.0

DMZ IP address: 192.168.10.1 with subnet 255.255.255.0

LAN IP address: 192.168.1.1 with subnet 255.255.255.0

Secondary LAN IP address: 192.168.20.1 with subnet 255.255.255.0

Configuring and Enabling the DMZ Port

The De-Militarized Zone (DMZ) is a network which, when compared to the LAN, has fewer firewall restrictions, by default. This zone can be used to host servers (such as a Web server, FTP server, or email server, for example) and give public access to them. The eighth LAN ports on the VPN firewall can be dedicated as a hardware DMZ port for safely providing services to the Internet, without compromising security on your LAN.

The DMZ port feature is also helpful when using some online games and videoconferencing applications that are incompatible with NAT. The VPN firewall is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, local PCs can run the application properly if those PCs are used on the DMZ port.

A separate firewall security profile is provided for the DMZ port that is hardware independent of the standard firewall security used for the LAN.

LAN Configuration

3-11

v1.1, August 2010

Page 49
Image 49
NETGEAR FVS318G manual Configuring and Enabling the DMZ Port