SnapGear 2.0.1 User Manual

Network Connections

41

Statically assigned IP
address

The majority of ISPs dynamically assign an IP address to
your connection when you dialin. However some ISPs use
pre-assigned static addresses. If your ISP has given you a
static IP address, enter it in Local IP Address and enter the
address of the ISP gateway in Remote IP Address.

If a connect of demand connection has been set up, Connect Now/Disconnect Now
buttons will be displayed. These make the CyberGuard SG appliance dial or hang up the
modem connection immediately.

Dialin access

Select Dialin Access to use this port as a dialin server to allow remote users to connect
to your local network. Refer to the chapter entitled Dialin Setup for details on configuring
the CyberGuard SG appliance and remote client.

DMZ

The DMZ port on your CyberGuard SG appliance can be configured as a second LAN
connection, a DMZ connection, a secondary Internet connection, or as a secondary
failover Internet connection that will be activated should your primary Internet connection
go down.

The configuration you select affects the default behaviour of the firewall for the DMZ port
(see Packet Filtering in the chapter entitled Firewall).

Direct DMZ

Select Direct DMZ if you wish to establish a physically separate DMZ network. A DMZ is
used to provide better security for your LAN. If you place a publicly accessible server on
your LAN, and an attacker compromises the server, then the attacker will immediately
have direct access to your LAN. However, if you place the server on a physically
separate network (i.e. the DMZ), and an attacker compromises the server, then the
attacker will only be able to access other machines on the DMZ. The CyberGuard SG
appliance will protect machines on the LAN from the compromised server on the DMZ.

Bridged DMZ

See the Bridged Internet section earlier in this chapter.