ProSecure Unified Threat Management (UTM) Appliance Reference Manual
4-18 LAN Configuration
v1.0, January 2010
To reserve an IP address, select Reserved (DHCP Client) from the IP Address Type pull-down
menu on the LAN Groups screen as described in “Adding PCs or Devices to the Network
Database” on page 4-15 or on the Edit Groups and Hosts screen as described in “Editing PCs or
Devices in the Network Database” on page 4-16.
Configuring and Enabling the DMZ Port
The De-Militarized Zone (DMZ) is a network that, by default, has fewer firewall restrictions when
compared to the LAN. The DMZ can be used to host servers (such as a web server, FTP server, or
e-mail server) and provide public access to them. The fourth LAN port on the UTM (the rightmost
LAN port) can be dedicated as a hardware DMZ port to safely provide services to the Internet
without compromising security on your LAN. By default, the DMZ port and both inbound and
outbound DMZ traffic are disabled. Enabling the DMZ port and allowing traffic to and from the
DMZ increases the traffic through the WAN ports.
Using a DMZ port is also helpful with online games and videoconferencing applications that are
incompatible with NAT. The UTM is programmed to recognize some of these applications and to
work properly with them, but there are other applications that might not function well. In some
cases, local PCs can run the application properly if those PCs are used on the DMZ port.
The DMZ Setup screen lets you set up the DMZ port. It permits you to enable or disable the
hardware DMZ port (LAN port 4, see “Front Panel” on page 1-10) and configure an IP address and
subnet mask for the DMZ port.
Note: The reserved address is not assigned until the next time the PC or device contacts
the UTM’s DHCP server. Reboot the PC or device, or access its IP configuration
and force a DHCP release and renew.
Note: A separate firewall security profile is provided for the DMZ port that is hardware-
independent of the standard firewall security used for the LAN.