Configure DMZ (Demilitarized Zone)

• How to get into the ordering process: Order Management
• The DMZ is only available for EC-XS/S
• The DMZ is always configured on Port 1.
• By default (if no own firewall is set up), all IP addresses in the DMZ are open from the Internet and in the opposite direction.
• Within the DMZ, you cannot use the central DHCP server of Enterprise Connect.
• You must use your own DHCP server or manually configure the IP addresses on the LAN devices.
• If you only want to make a very small number of servers reachable from the Internet, you can use PAT/NAT instead of DMZ: S-PAT/S-NAT (Static Port Address Translation / Static Network Address Translation)

In general, all connections established from the Internet to an Enterprise Connect location are blocked, see the firewall description. If you want your network to contain servers that must be reachable from the Internet (e.g. e mail server or web server), you can set up a Demilitarised zone (DMZ).

• At each location, you can activate a DMZ under Enterprise Connect.
• A fixed public IP block /30 or larger is needed for this.
• The IP block can be purchased in Order Management and then assigned to any location of a DMZ.
• If you are configuring a new IP range for the first time, the assigned range is not displayed until activation of the DMZ in the shopping cart has been submitted and the DMZ has been activated.
• The DMZ function is only available in the EC XS/S version.
• The DMZ function is not available in the EC M/L/XL version (as of September 2024).

1. Select the desired location in the dashboard and activate DMZ.
2. Select an IP range.
3. If required, you can change the VLAN tag for the DMZ here.
   • Under locations > Centro Business you can now see that the DMZ was enabled on Port 1.