Advanced Help

DMZ
DMZ Setting
DMZ means "Demilitarized Zone." If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer.
When a LAN host is configured as a DMZ host, it becomes the destination for all incoming packets that do not match some other incoming session or rule. If any other ingress rule is in place, that will be used instead of sending packets to the DMZ host; so, an active session, virtual server, active port trigger, or port forwarding rule will take priority over sending a packet to the DMZ host. (The DMZ policy resembles a default port forwarding rule that forwards every port that is not specifically sent anywhere else.)
The router provides only limited firewall protection for the DMZ host. The router does not forward a TCP packet that does not match an active DMZ session, unless it is a connection establishment packet (SYN). Except for this limited protection, the DMZ host is effectively "outside the firewall". Anyone considering using a DMZ host should also consider running a firewall on that DMZ host system to provide additional protection.
Packets received by the DMZ host have their IP addresses translated from the WAN-side IP address of the router to the LAN-side IP address of the DMZ host. However, port numbers are not translated; so applications on the DMZ host can depend on specific port numbers.
The DMZ capability is just one of several means for allowing incoming requests that might appear unsolicited to the NAT. In general, the DMZ host should be used only if there are no other alternatives, because it is much more exposed to cyberattacks than any other system on the LAN. Thought should be given to using other configurations instead: a virtual server, a port forwarding rule, or a port trigger. Virtual servers open one port for incoming sessions bound for a specific application (and also allow port redirection and the use of ALGs). Port forwarding is rather like a selective DMZ, where incoming traffic targeted at one or more ports is forwarded to a specific LAN host (thereby not exposing as many ports as a DMZ host). Port triggering is a special form of port forwarding, which is activated by outgoing traffic, and for which ports are only forwarded while the trigger is active.
Few applications truly require the use of the DMZ host. Following are examples of when a DMZ host might be required:
‧ A host needs to support several applications that might use overlapping ingress ports such that two port forwarding rules cannot be used because they would potentially be in conflict.
‧ To handle incoming connections that use a protocol other than ICMP, TCP, UDP, and IGMP (also GRE and ESP, when these protocols are enabled by the PPTP and IPSec
Enable DMZ
Putting a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.
DMZ IP Address
Specify the LAN IP address of the LAN computer that you want to have unrestricted Internet communication.
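The ingress decision described in the DMZ Setting text above, as a small Python model. This is an added example, not the router's firmware or vendor code: the class and function names are hypothetical, the addresses are constructed, and the relative order of the session, virtual server and port forwarding checks is an assumption (the page states only that all of them take priority over the DMZ host).

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical model of the documented behaviour; not vendor code.
@dataclass
class Packet:
    proto: str                # "tcp" or "udp"
    dst_port: int             # port on the router's WAN address
    syn: bool = False         # TCP connection-establishment packet
    src: str = "203.0.113.7"  # constructed documentation address

@dataclass
class Router:
    dmz_host: Optional[str] = None
    virtual_servers: dict = field(default_factory=dict)  # (proto, public port) -> (LAN IP, private port)
    port_forwards: dict = field(default_factory=dict)    # (proto, port) -> LAN IP; an active trigger acts like one
    sessions: dict = field(default_factory=dict)         # (proto, src, port) -> (LAN IP, LAN port)

    def ingress(self, p: Packet):
        """Return (matched_by, lan_ip, lan_port), or ("drop", None, None)."""
        key = (p.proto, p.src, p.dst_port)
        rule = (p.proto, p.dst_port)
        if key in self.sessions:                  # assumed order: session first
            return ("session", *self.sessions[key])
        if rule in self.virtual_servers:          # public port may be redirected
            return ("virtual_server", *self.virtual_servers[rule])
        if rule in self.port_forwards:
            return ("port_forward", self.port_forwards[rule], p.dst_port)
        if self.dmz_host is None:
            return ("drop", None, None)
        # Limited DMZ protection: TCP without a session must be a SYN.
        if p.proto == "tcp" and not p.syn:
            return ("drop", None, None)
        # The address is translated to the DMZ host; the port is not.
        self.sessions[key] = (self.dmz_host, p.dst_port)
        return ("dmz", self.dmz_host, p.dst_port)

def unsolicited_reach(router: Router, ports):
    """Map each TCP port to the LAN host an unsolicited SYN would reach."""
    result = {}
    for port in ports:
        # Work on a copy so the audit does not create sessions on `router`.
        probe = Router(router.dmz_host, dict(router.virtual_servers),
                       dict(router.port_forwards))
        result[port] = probe.ingress(Packet("tcp", port, syn=True))[1]
    return result
```

Running `unsolicited_reach` over a port list with and without `dmz_host` set shows the difference the text describes: with a DMZ host every unmatched port reaches a LAN machine, without one only the explicitly forwarded ports do.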
Virtual Server
Add/Edit Virtual Server
Enable
Specifies whether the entry will be active or inactive.
Name
Assign a meaningful name to the virtual server, for example Web Server. Several well-known types of virtual server are available from the "Application Name" drop-down list. Selecting one of these entries fills some of the remaining parameters with standard values for that type of server.
IP Address
The IP address of the system on your internal network that will provide the virtual service, for example 192.168.10.50. You can select a computer from the list of DHCP clients in the "Computer Name" drop-down menu, or you can manually enter the IP address of the server computer.
Protocol
Select the protocol used by the service. The common choices -- UDP, TCP, and both UDP and TCP -- can be selected from the drop-down menu. To specify any other protocol, select "Other" from the list, then enter the corresponding protocol number (as assigned by the IANA) in the Protocol box.
Private Port
The port that will be used on your internal network.
Public Port
The port that will be accessed from the Internet.
Schedule
Select a schedule for when the service will be enabled. If you do not see the schedule you need in the list of schedules.
Clear
Re-initialize this area of the screen, discarding any changes you have made.
Routing
Add/Edit Route
Adds a new route to the IP routing table or edits an existing route.
Destination IP
The IP address of packets that will take this route.
Gateway
Specifies the next hop to be taken if this route is used. A gateway of 0.0.0.0 implies there is no next hop, and the IP address matched is directly connected to the router on the interface specified: LAN or WAN.
Metric
The route metric is a value from 1 to 16 that indicates the cost of using this route. A value of 1 is the lowest cost, and 15 is the highest cost. A value of 16 indicates that the route is not reachable from this router. When trying to reach a particular destination, computers on your network will select the best route, ignoring unreachable routes.
Interface
Specifies the interface -- LAN or WAN -- that the IP packet must use to transit out of the router, when this route is used.
Clear
Re-initialize this area of the screen, discarding any changes you have made.
Routes List
This section shows the current routing table entries. Certain required routes are predefined and cannot be changed. Routes that you add can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Route" section is activated for editing. Click the Enable checkbox at the left to directly activate or de-activate the entry.
Access Control
Enable
By default, the Access Control feature is disabled. If you need Access Control, check this option.
Note: When Access Control is disabled, every device on the LAN has unrestricted access to the Internet. However, if you enable Access Control, Internet access is restricted for those devices that have an Access Control Policy configured for them. All other devices have unrestricted access to the Internet.
Application Level Gateway (ALG) Configuration
ALG
By default, the ALG feature is enabled. ALG configuration allows users to disable some application services.
Special Applications
Add/Edit Port Trigger Rule
Enable
Specifies whether the entry will be active or inactive.
Name
Enter a name for the Special Application Rule, for example Game App, which will help you identify the rule in the future. Alternatively, you can select from the Application list of common applications.
Protocol
Select the protocol used by the service. The common choices -- UDP, TCP, and both UDP and TCP -- can be selected from the drop-down menu.
Trigger Port
Enter the outgoing port range used by your application (for example 6500-6700).
Schedule
Select a schedule for when this rule is in effect.
Clear
Re-initialize this area of the screen, discarding any changes you have made.
Port Trigger Rule List
This is a list of the defined application rules. Click the Enable checkbox at the left to directly activate or de-activate the entry. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon.
Gaming
Add/Edit Port Range Rule
Use this section to add a Port Range Rule to the following list or to edit a rule already in the list.
Rule Enable
Specifies whether the entry will be active or inactive.
Rule Name
Give the rule a name that is meaningful to you, for example Game Server. You can also select from a list of popular games, and many of the remaining configuration values will be filled in accordingly. However, you should check whether the port values have changed since this list was created, and you must fill in the IP address field.
IP Address
Enter the local network IP address of the system hosting the server, for example 192.168.10.50. You can select a computer from the list of DHCP clients in the "Computer Name" drop-down menu, or you can manually enter the IP address of the server computer.
TCP Ports to Open
Enter the TCP ports to open (for example 6159-6180, 99).
UDP Ports to Open
Enter the UDP ports to open (for example 6159-6180, 99).
Inbound Filter
Select a filter that controls access as needed for this rule.
Schedule
Select a schedule for the times when this rule is in effect.
Clear
Re-initialize this area of the screen, discarding any changes you have made.
Port Range Rule List
This is a list of the defined Port Range Rules. Click the Enable checkbox at the left to directly activate or de-activate the entry. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Port Forwarding Rule" section is activated for editing.
Inbound Filter
Add/Edit Inbound Filter Rule
Here you can add entries to the Inbound Filter Rules List below, or edit existing entries.
Name
Enter a name for the rule that is meaningful to you.
Action
The rule can either Allow or Deny messages.
IP Address
The Internet address this rule applies to.
Clear
Re-initialize this area of the screen, discarding any changes you have made.
Inbound Filter Rules List
This section lists the current Inbound Filter Rules. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Inbound Filter Rule" section is activated for editing.
In addition to the filters listed here, two predefined filters are available wherever inbound filters can be applied:
Allow All
Permit any WAN user to access the related capability.
Deny All
Prevent all WAN users from accessing the related capability. (LAN users are not affected by Inbound Filter Rules.)
Schedule
Add/Edit Schedule Rule
In this section you can add entries to the Schedule Rules List below or edit existing entries.
Name
Give the schedule a name that is meaningful to you, such as "Weekday rule".
Day(s)
Place a checkmark in the boxes for the desired days or select the All Week radio button to select all seven days of the week.
All Day - 24 hrs
Select this option if you want this schedule in effect all day for the selected day(s).
Start Time
If you don't use the All Day option, then you enter the time here. The start time is entered in two fields. The first box is for the hour and the second box is for the minute. Email events are normally triggered only by the start time.
End Time
The end time is entered in the same format as the start time: the hour in the first box and the minutes in the second box. The end time is used for most other rules, but is not normally used for email events.
Clear
Re-initialize this area of the screen, discarding any changes you have made.
Schedule Rules List
This section shows the currently defined Schedule Rules. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Schedule Rule" section is activated for editing.
Advanced Network
UPnP
By default, the UPnP feature is enabled. Universal Plug and Play (UPnP) is a set of networking protocols, intended primarily for residential networks without enterprise-class devices, that permits networked devices (such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices) to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.
WAN Ping
By default, the WAN Ping Respond feature is disabled. When WAN Ping Respond is enabled, the router replies to pings from the outside network, which gives that network information about the router.