60
6 Internet security
DMS3-CTC-25-154 v1.0
6.2 DMZ
Introduction
The TG389ac allows you to configure one local device as a De-Militarized Zone (DMZ) host. This means that:
None of the TG389ac firewall rules will be applied to this device.
All traffic originating from the Internet will be forwarded to this devices unless there is a specific port forwarding rule
defined or automatically created for a specific type of traffic.
Use a static address for the DMZ host
Make sure that your DMZ host uses a static IP address (you choose a fixed IP address) instead of a dynamic IP address (the
DHCP server assigns an IP address). If you use a dynamic IP address, the device might get a new IP address after some time
and the port forwarding rule will no longer be applied to the device and another device may unexpectedly be acting as the
DMZ host.
How to configure a device as DMZ host
1
Browse to the TG389ac web interface.
For more information, see
“4.1.1 Accessing the TG389ac web interface from your local network” on page 33
.
2
Click
WAN Services
. The
WAN services
page appears.
3
In the upper-right corner, click
show advanced
. The
DMZ
section appears.
4
Switch
Enabled
to
.
5
In the
Destination
box, type the IP address of the device that you want to use as the DMZ host.
6
Optionally, you can make exceptions on the DMZ by creating port mappings to direct specific traffic to other devices. To
do this, click
Add new port mapping
under
Port forwarding table
.
7
Click
Save
. DMZ is now active.