DMZ Support Provides Secure Configuration

Stateful packet filtering often separates more trusted networks closer to the core of your network from the DMZ networks at the perimeter. Packet filtering may also separate the Internet from the DMZ. The military metaphor comes from the idea that you'll let untrusted users on the DMZ networks, but they can't "bring guns." For example, packet filtering might allow HTTP from the Internet to reach the DMZ but prohibit telnet, finger, and other protocols that might easily allow an attack on your trusted networks to be launched.

DMZ in Action

The SonicWALL DMZ allows all traffic from the WAN to access the DMZ, but prevents WAN traffic from accessing the protected LAN segment. All LAN traffic can pass outward to the DMZ or the WAN, but only traffic originating in the DMZ or traffic that is part of a session that a LAN user initiated can enter the LAN.

DMZ Port for Internet Servers.

SonicWALL provides security by preventing Internet users from accessing machines inside the LAN. This security, however, also prevents users from reaching servers intended for public access, such as a Web or E-mail server, which are crucial for effective Internet use.

In order to allow such services, SonicWALL comes with a special DMZ port which is used for setting up public servers. The DMZ sits between the local network and the Internet. Servers on the DMZ are publicly accessible, but they are protected from attacks such as SYN Flooding and Ping of Death. Use of the DMZ port is optional, it may be left unconnected.

Using the DMZ is preferred and, if practical, a strongly recommended alternative to Public LAN Servers or putting these servers on the WAN port where they are not protected and not accessible by users on the LAN.

Each of the servers on the DMZ will need a unique, publishable Internet IP address. The Internet Service Provider used to connect the network to the Internet should be able to provide these addresses, as well as information on setting up public Internet servers.

SonicWALL's DMZ port enables organizations to easily design, deploy, and proactively update and monitor a multi-server network through a single firewall strategy. Administrators can easily create a DMZ  within the network by simply adding rules to the firewall.

To learn more about the SonicWALL firewall and its components and features, please visit our web site dedicated to SonicWALL by clicking on the button below.