User manual
Network Connections
56
Dialin access
Select Dialin Access to use this port as a dialin server to allow remote users to connect
to your local network. Refer to the chapter entitled Dialin Setup for details on configuring
the CyberGuard SG appliance and remote client.
DMZ
Note
SG570 and SG575 models only.
The DMZ port on your CyberGuard SG appliance can be configured as a second LAN
connection, a DMZ connection, a secondary Internet connection, or as a secondary
failover Internet connection that will be activated should your primary Internet connection
go down.
The configuration you select affects the default behaviour of the firewall for the DMZ port
(see Packet Filtering in the chapter entitled Firewall).
Direct DMZ
Select Direct DMZ if you wish to establish a physically separate DMZ network. A DMZ is
used to provide better security for your LAN. If you place a publicly accessible server on
your LAN, and an attacker compromises the server, then the attacker will immediately
have direct access to your LAN. However, if you place the server on a physically
separate network (i.e. the DMZ), and an attacker compromises the server, then the
attacker will only be able to access other machines on the DMZ. The CyberGuard SG
appliance will protect machines on the LAN from the compromised server on the DMZ.
Bridged DMZ
Refer to the section entitled Bridging later in this chapter.
Services on the DMZ Network
Once you have configured the DMZ connection, you will also want to configure the
CyberGuard SG appliance to allow access to services on the DMZ. There are two
methods of allowing access.