Dmz in standard mode, Dmz in nat mode – SonicWALL Internet Security Appliances User Manual
Page 156
Advanced Features Page 157
Click Advanced on the left side of the browser window, and then click DMZ Addresses.
Servers on the DMZ must have unique, valid IP addresses in the same subnet as the SonicWALL
WAN IP Address. Your ISP should be able to provide these IP addresses, as well as information on
setting up public servers.
DMZ in Standard Mode
To configure DMZ Addresses, complete the following instructions.
1. Enter the starting IP address of your valid IP address range in the From Address field.
2. Enter the ending IP address of your valid IP address range in the To Address field.
Alert You can enter an individual IP address in the From Address field only.
3. Click Update. Once the SonicWALL has been updated, a message confirming the update is
displayed at the bottom of the browser window.
If you receive an error when you click Update, confirm that the DMZ Address Range does not include
the SonicWALL WAN IP Address, the WAN Gateway (Router) Address, or any IP addresses assigned
on the One-to-One NAT or Intranet windows.
Tip The SonicWALL supports up to 64 DMZ address ranges.
DMZ in NAT Mode
The SonicWALL DMZ now has the ability to use private internal IP addresses rather than public IP
addresses on the network. Since NAT hides the true IP addresses in use on the network, NAT on the
DMZ is an additional security feature for the SonicWALL. The outside world only sees the outside
public IP address of the DMZ and not the internal private addresses.
To configure the DMZ in NAT Mode, use the following instructions:
1. In the DMZ Private Address field, enter the private internal IP address assigned to the DMZ
interface.
2. Assign a subnet mask in the DMZ Subnet Mask field. The LAN and DMZ can have the same
subnet mask, but the subnets must be different. For instance, the LAN subnet can be
192.168.0.1 with a subnet mask of 255.255.255.0, and the DMZ subnet can be 172.16.18.1
with a subnet mask of 255.255.255.0.