Block DMZ Host access to internal network
arnadu
Enthusiast - Level 1

hi

I am setting up a DMZ Host on a G1100 router. By default, it appears that the machine has access to all other machines on the internal network. I do not believe this is normal. Is there a setting somewhere to prevent it?

thanks

0 Likes
1 Solution
Edg1
Community Leader
Community Leader

Yes that is normal when you setup a DMZ host. A DMZ host will not block access to other hosts on the subnet. Setting up the DMZ host will completely open up that device to the internet. So if that device gets infected then the other devices on your network will be as risk.

In a residential/home router it is a very misleading setting. To have a true DMZ typically it will be done with mulitple firewalls or a virtual subnet. Is there a reason that open up that device? Can you just use port forwarding and use only the necessary ports?

View solution in original post

2 Replies
Edg1
Community Leader
Community Leader

Yes that is normal when you setup a DMZ host. A DMZ host will not block access to other hosts on the subnet. Setting up the DMZ host will completely open up that device to the internet. So if that device gets infected then the other devices on your network will be as risk.

In a residential/home router it is a very misleading setting. To have a true DMZ typically it will be done with mulitple firewalls or a virtual subnet. Is there a reason that open up that device? Can you just use port forwarding and use only the necessary ports?

arnadu
Enthusiast - Level 1

thank you Edg1. I was hoping for a built-in firewall solution to prevent exposing the rest of the network to the DMZ host. Without that, it does not seem reasonable to use this DMZ feature indeed. cheers.

0 Likes