DMZ Host

DMZ means "Demilitarized Zone." If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer.

When a LAN host is configured as a DMZ host, it becomes the destination for all incoming packets that do not match some other incoming session or rule. If any other ingress rule is in place, that will be used instead of sending packets to the DMZ host; so, an active session, virtual server, active port trigger, or port forwarding rule will take priority over sending a packet to the DMZ host. (The DMZ policy resembles a default port forwarding rule that forwards every port that is not specifically sent anywhere else.)

The router provides only limited firewall protection for the DMZ host. The router does not forward a TCP packet that does not match an active DMZ session, unless it is a connection establishment packet (SYN). Except for this limited protection, the DMZ host is effectively "outside the firewall". Anyone considering using a DMZ host should also consider running a firewall on that DMZ host system to provide additional protection.

Packets received by the DMZ host have their IP addresses translated from the WAN-side IP address of the router to the LAN-side IP address of the DMZ host. However, port numbers are not translated; so applications on the DMZ host can depend on specific port numbers.
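The dispatch behaviour described above can be modelled in a few lines. This is an added example, not TRENDnet firmware code: the Router and Packet classes, the addresses, and the single "forwards" table standing in for virtual server, port forwarding and port trigger rules are all assumptions, as is reading "connection establishment packet" as SYN without ACK.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp", ...
    src: tuple                      # (remote_ip, remote_port)
    dport: int                      # destination port on the router's WAN address
    flags: frozenset = frozenset()  # TCP flags, e.g. frozenset({"SYN"})

@dataclass
class Router:
    dmz_host: Optional[str] = None
    forwards: dict = field(default_factory=dict)  # (proto, dport) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # (proto, src, dport) -> (lan_ip, lan_port)

    def ingress(self, p: Packet):
        """Return (reason, lan_ip, lan_port) for one packet arriving on the WAN side."""
        key = (p.proto, p.src, p.dport)
        if key in self.sessions:                  # active session wins first
            return ("session", *self.sessions[key])
        if (p.proto, p.dport) in self.forwards:   # any explicit ingress rule beats the DMZ
            dst = self.forwards[(p.proto, p.dport)]
            self.sessions[key] = dst
            return ("rule", *dst)
        if self.dmz_host is None:
            return ("drop", None, None)
        # Limited protection: unmatched TCP reaches the DMZ host only as a bare SYN.
        if p.proto == "tcp" and not ("SYN" in p.flags and "ACK" not in p.flags):
            return ("drop", None, None)
        dst = (self.dmz_host, p.dport)            # address translated, port kept as-is
        self.sessions[key] = dst
        return ("dmz", *dst)

def demo():
    # Constructed sample traffic; 203.0.113.7 is a documentation address.
    r = Router(dmz_host="192.168.0.50",
               forwards={("tcp", 80): ("192.168.0.10", 8080)})
    remote = ("203.0.113.7", 40000)
    syn, ack = frozenset({"SYN"}), frozenset({"ACK"})
    return [
        r.ingress(Packet("tcp", remote, 80, syn)),    # explicit rule, port redirected
        r.ingress(Packet("tcp", remote, 5000, syn)),  # no rule: DMZ host, same port
        r.ingress(Packet("tcp", remote, 5000, ack)),  # now part of a DMZ session
        r.ingress(Packet("tcp", remote, 6000, ack)),  # stray non-SYN TCP is dropped
        r.ingress(Packet("udp", remote, 6000)),       # unmatched non-TCP reaches DMZ host
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Every port without an explicit rule ends up at the DMZ host, which is why the host's own firewall is the only real filter for that traffic.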

The DMZ capability is just one of several means for allowing incoming requests that might appear unsolicited to the NAT. In general, the DMZ host should be used only if there are no other alternatives, because it is much more exposed to cyber attacks than any other system on the LAN. Thought should be given to using other configurations instead: a virtual server, a port forwarding rule, or a port trigger. Virtual servers open one port for incoming sessions bound for a specific application (and also allow port redirection and the use of ALGs). Port forwarding is rather like a selective DMZ, where incoming traffic targeted at one or more ports is forwarded to a specific LAN host (thereby not exposing as many ports as a DMZ host). Port triggering is a special form of port forwarding, which is activated by outgoing traffic, and for which ports are only forwarded while the trigger is active.

Few applications truly require the use of the DMZ host. Following are examples of when a DMZ host might be required:

A host needs to support several applications that might use overlapping ingress ports such that two port forwarding rules cannot be used because they would potentially be in conflict.

To handle incoming connections that use a protocol other than ICMP, TCP, UDP, and IGMP (also GRE and ESP, when these protocols are enabled by the PPTP and IPSec ALGs).

Enable DMZ

Putting a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.

TRENDnet TEW-633GR manual DMZ Host, Enable DMZ

TEW-633GR specifications

The TRENDnet TEW-633GR is a versatile wireless router that caters to both home and small office environments, providing reliable connectivity and performance. With its sleek design, the TEW-633GR stands out as a functional device that ensures users can enjoy high-speed internet access across various devices.

One of the main features of the TEW-633GR is its dual-band support. This router operates on both the 2.4GHz and 5GHz frequency bands, allowing users to take advantage of the less congested 5GHz band for activities requiring higher bandwidth, such as streaming and online gaming, while still maintaining compatibility with devices that only use the 2.4GHz band. This dual-band functionality enhances overall network performance and minimizes interference from other wireless devices.

The TEW-633GR delivers impressive wireless speeds, supporting the 802.11n wireless standard with speeds of up to 300 Mbps. This makes it an excellent choice for environments where multiple devices are connected simultaneously. Additionally, the router features three external antennas that help extend the wireless range and improve signal strength, ensuring consistent internet access throughout larger spaces.

In terms of security, the TRENDnet TEW-633GR offers several robust features to safeguard the network. It supports WPA/WPA2 encryption protocols, providing secure access to the wireless network while protecting sensitive data from potential intrusions. The integrated firewall adds an extra layer of security, helping to prevent unauthorized access and attacks.

Installation and setup of the TEW-633GR is user-friendly, with a web-based interface that guides users through the process. The inclusion of WPS (Wi-Fi Protected Setup) allows for quick and easy connections of compatible devices at the push of a button, eliminating the need for complicated configurations.

Moreover, the router incorporates Quality of Service (QoS) settings, which enable users to prioritize bandwidth allocation for specific applications or devices. This feature is particularly beneficial for households or offices with high demands on their internet connection, ensuring that critical tasks receive the necessary bandwidth to function optimally.

Overall, the TRENDnet TEW-633GR combines speed, reliability, and security, making it an ideal solution for users looking to enhance their wireless networking experience. Its dual-band capabilities, ease of installation, and robust security features contribute to its appeal as a modern router suited for diverse internet needs.