User manual
3.4. DMZ Settings
The settings in this part of the management web interface determine how the DFL-160's DMZ
interface operates. These settings are very similar to the corresponding page for the LAN interface
(see Section 3.3, “LAN Settings”).
DMZ Interface Options
There are three sections on this page of the web interface:
A. DMZ Interface Settings
B. Mode
C. DHCP Server Settings
A. DMZ Interface Settings
The IP address of the DMZ interface is allocated here for NAT and Routing mode. Transparent
mode does not require an IP address to be allocated. Instead, the LAN interface automatically gets
the same IP address as the WAN interface.
The setting Relay DNS queries sent to the DMZ interface IP should be enabled if, for example,
web browsers running on LAN clients are going to be resolved using external DNS servers on the
internet. Any other situation where URL resolution is required will also need to find a DNS server.
These DNS servers should be manually configured, if this hasn't already been done automatically
through DHCP when connecting to an ISP.
B. Mode
There are three modes that are available with the LAN interface. The presentation of the mode
options in the web interface is shown below.
• NAT Mode
This mode enables Dynamic Network Address Translation (NAT) use between the DMZ and
WAN interfaces. This means that the individual IP addresses of hosts on the DMZ interface will
be hidden from the public internet. All traffic coming from the public Internet to DMZ hosts
will be directed to the public IP address of the WAN interface and NetDefendOS will perform
the necessary IP address translation.
Enabling NAT is a recommended way to shield the users and hosts on the DMZ network from
outside users. It also means that a DFL-160 requires just a single public IP address to be
allocated by the ISP.
3.4. DMZ Settings Chapter 3. The System Menu
30