Overview
Installation
Troubleshooting
Contact
FAQ
Specifications Glossary
License
Configuration:
Basic Gateway TCP/IP Wireless USB
SBG940 User Guide
14
DMZ
A de-militarized zone (
DMZ
) is one or more computers logically located outside the firewall between an SBG940
LAN and the Internet. A DMZ prevents direct access by outside users to private data.
For example, you can set up a web server
on a DMZ computer to enable outside users to access your website
without exposing confidential data on your network.
A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can
leave a computer used for gaming
only
exposed to the Internet while protecting the rest of your network. For more
information, see “
Gaming Configuration Guidelines
”.
Port Triggering
When you run an application that accesses the Internet, it typically initiates communications with a computer on
the Internet. For some applications, especially gaming, the computer on the Internet also initiates communications
with your computer. Because NAT does not normally allow these incoming connections:
•
The SBG940 has preconfigured port triggers for common applications.
•
If needed, you can configure additional port triggers on the
Gateway > PORT TRIGGERS — custom Page
.
Wireless Security
Because WLAN data is transmitted using radio signals, it may be possible for an unauthorized person to access
your WLAN unless you prevent them from doing so.
To prevent unauthorized eavesdropping of data transmitted
over your LAN, you must enable wireless security. The default SBG940 settings neither provide security for
transmitted data nor protect network data from unauthorized intrusions.
The SBG940 provides the following wireless security measures, which are described in “
Setting Up Your Wireless
LAN
”:
•
To prevent unauthorized eavesdropping, you must encrypt data transmitted over the wireless interface using
one
of:
—
If all of your wireless clients support Wi-Fi
®
Protected Access (WPA) encryption, we recommend using
WPA (see “
Configuring WPA on the SBG940
” and “
Configuring a Wireless Client for WPA
”).
—
Otherwise, configure a Wired Equivalency Privacy (WEP) key on the SBG940 and each WLAN client
(see “
Configuring WEP on the SBG940
” and “
Configuring a Wireless Client for WEP
”).
•
To protect LAN data from unauthorized intrusions, you can restrict WLAN access to computers having one or
both of:
—
Known MAC addresses (see “
Configuring a MAC Access Control List on the SBG940
”)
—
The same unique network name (
ESSID
)
as the SBG940 (see “
Configuring the Wireless Network Name
on the SBG940
” and “
Configuring a Wireless Client with the Network Name (ESSID)
”)
Restricting access to computers having the same network name is also called “disabling ESSID broadcasting” or
“enabling closed network operation.”