
RV320 - DMZ setup

groupetechno
Level 1

Hello,

I just bought an RV320 router. I have completed the basic configuration of my local network. Now I want to put a server (RDP) in a DMZ. This server must be accessible from the Internet only on port 3389 and this server must not have access to the local network (for security reasons).

What is the simplest method to do this on an RV320 knowing that I have only one server to expose?

I noticed that the notion of DMZ is in several places in the configuration (DMZ Host, DMZ / WAN port, VLAN, etc.). I do not quite understand the differences.

Thank you


8 Replies

Ami Xiao
Level 1

Hi,

DMZ host is more like port forwarding; it forwards all traffic from the WAN to a specified LAN address.

You should use the DMZ port. By default, a host on the DMZ port is not allowed to access the local network, but all traffic from the WAN to the DMZ is allowed; you could add an access rule on the firewall so that only port 3389 is accessible.

Hi,

I read that the DMZ port requires a separate WAN IP address. I have only one WAN IP. I'm not sure that works. Also, when I connect to this port (after activation), nothing happens (DHCP, traffic, etc.).

I tried something that seems to work, but I'm not sure that it is secure. I created a new network (different from my LAN network) but I didn't create a VLAN. I set the IP address of my server (the one I want to expose) with the new network information and created a redirection on port 3389. Is that bad?

Because a new multiple-subnet network is able to communicate with the LAN network, you should create a new VLAN for your server and make sure the inter-VLAN function is unchecked, then set up a redirection to port 3389; that will be OK.

Thank you very much for your help.

May I ask one last question? When I create a VLAN for my new network, I have to indicate whether the router ports are tagged or untagged. What should I choose for each port? For now the server is not directly connected to the router, but I can do that if necessary.

If the port is tagged, your device must carry a VID label (set up on the network card) to obtain the corresponding pool. Otherwise, the router will offer you the PVID pool (untagged).

For example:

If your device is on LAN3 with a VID label, the router will offer you the VLAN1 pool; without a VID label, it will get the VLAN4 IP pool.

Hi groupetechno,

I've been struggling for years to get the DMZ configured properly on my RV320. As it is now, I can use the hardware DMZ port for my server, but can only receive packets from the WAN. I can't initiate connections or ping the outside world from the DMZ, so this makes it difficult to get updates etc.

Like you, I also read somewhere "that the DMZ port requires a separate WAN IP address" from the ISP. I feel like that would be mentioned somewhere in the documentation, but it's not. Nonetheless I can't get it configured properly. I just can't crack it. Nowhere can I configure a firewall rule to allow DMZ to WAN.

I don't want to use the "DMZ host" feature on this router (seems like a bad idea). Was your solution to set up your own DMZ subnet, and set up your own firewall rules to block your custom DMZ to LAN?

Is it a universal concept that the DMZ port is designed to use additional public IP addresses purchased from the ISP? The documentation for the RV340 series may suggest this, so maybe there is no way I can get this to work.

groupetechno
Level 1

With the configuration set up on the network card, everything works well. Thank you!

Initially I wanted the workstation (server) connected to port #3 to be automatically in VLAN 4. I understand that this cannot be done with this router?

If your device can't carry a VLAN tag via the network card, you can set port #3 VLAN4 as untagged as well.
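
One way to check the isolation discussed in this thread (server in its own VLAN, inter-VLAN routing unchecked, only port 3389 forwarded), as an added example that is not part of any post: a small Python script run from the exposed server that tries to reach LAN hosts and reports anything that answers. The target addresses and ports are constructed placeholders; replace them with hosts on your own LAN.

```python
"""Isolation check to run from the exposed server (added example).

All targets below are constructed placeholders, not values from the thread.
A TCP connect that succeeds, or is actively refused, shows that packets are
still being routed between the server's VLAN and the LAN.
"""
import errno
import socket

# Constructed sample targets on the LAN side (hypothetical addresses).
LAN_TARGETS = [("192.168.1.1", 443), ("192.168.1.10", 445), ("192.168.1.10", 3389)]


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
    except OSError:
        return "filtered"
    finally:
        s.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "refused"   # a reset came back, so something on the path answered
    return "filtered"      # timeout or unreachable: nothing came back


def isolation_violations(targets, timeout=2.0):
    """Return (host, port, state) for every target that answered at all."""
    results = [(h, p, probe(h, p, timeout)) for h, p in targets]
    return [r for r in results if r[2] != "filtered"]


if __name__ == "__main__":
    leaks = isolation_violations(LAN_TARGETS)
    for host, port, state in leaks:
        print(f"REACHABLE {host}:{port} ({state})")
    print("isolated" if not leaks else f"{len(leaks)} LAN endpoint(s) reachable")
```

An empty result for LAN targets is the expected outcome when the server's VLAN is isolated; a "refused" entry still counts as a finding because a reply came back across the VLAN boundary.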