DMZ Host - DMZ Port

Discussion started by giffordj, Mar 28, 2007.

  giffordj

    giffordj LI Guru Member

    Can someone explain this difference to me?

    DMZ Host to me sounds like a way to expose one host as a DMZ.

    DMZ Port, it seems to me, would be a way to extend a DMZ beyond one host.
  vpnuser

    vpnuser LI Guru Member

    Yes, you are pretty much correct. With DMZ port, you can use a switch to connect to multiple PCs as long as you have a public IP address for each PC in the DMZ.
  happyhacking

    happyhacking LI Guru Member

    A little more info, hope this helps.

    In fact, the only difference between the DMZ port and any other in LAN space is these 2 default firewall rules:

    Firewall rules copied from rv016
    Action Source Interface Source Destination
    Deny All Traffic Any DMZ Any ~
    Allow All Traffic Any DMZ Any Any
    The interpretation is quite simple, since the DMZ cannot open any connection
    with the LAN, but the LAN can open connections to the DMZ, and
    the DMZ isn't protected by the internal firewall.

    Note that these rules can be overridden, and the port will become another
    LAN port instead of a DMZ.
