Enable DMZ on a Netgear ProSafe/ProSecure router

    January 6th, 2021

    Introduction:

    DMZ allows you to segment a portion of your network to receive all inbound TCP/UDP ports. Keep in mind that SOHO/Residential routers will treat the DMZ differently than the ProSafe/ProSecure routers. In a residential router, the normal LAN is not segmented from the DMZ which usually can result, if the DMZ host is compromised, in malware gaining access to the LAN. In corporate/SMB firewalls (such as the ProSafe line), there is a physical and logical seperation of the DMZ port so there is mitigated risk of malicious access.

    Secondly, residential DMZ, by default, will enable all TCP/UDP ports. On the the ProSafe line of firewalls, the DMZ is "Locked Down" meaning you will need to enable each port/protocol for access. PITA? Sure. But do you really want a call from your CTO at 2AM wondering why there are 7 Romanian IPs with rogue telnet sessions into your server? I would think not.

    Step 1.

    Configure the DMZ

    Login to the Firewall's admin page by going to 192.168.1.1.and clicking on Network Configuration and then DMZ Setup. Enable the DMZ and create an IP pool the size of your needs. Make sure the LAN address given to the DMZ port does not overlap with your private LAN. Once you've selected Enable, you should see the LED on the DMZ port light up green.

    Step 2.

    Create inbound and outbound WAN-DMZ rules

    Head to Security then Firewall and then DMZ WAN Rulesand make sure to configure inbound and outbound rules for the Firewall to properly pass traffic.

    Step 3.

    Connect your gear

    Connect your switch/server/device to the port labelled DMZon the ProSafe/ProSecure router and test your connection/rules and ports.

    Was this article helpful?

    Send feedback

    Can’t find what you’re looking for?

    Pilot’s local support team is here for you.

    Contact Support