Cisco WS-CE500-24TT Administration Guide - Page 61

Networking Configuring a DMZ 2 Other options: Click Edit to edit an entry. To enable a protocol binding, click Enable. To disable a protocol binding, click Disable. To delete an entry, check the box, and then click Delete. To select all entries in the table, check the box at the left side of the heading row. After you click Add or Edit, the Protocol Bindings Configuration window opens. STEP 3 Enter the following information: • Service: Choose a service from the list. The security appliance is configured with a list of standard services. For information about adding your own custom services to the list, see Creating Custom Services, page 104. • Local Gateway: Choose the interface that you want to use: Dedicated WAN or Configured WAN. • Source Network: To identify the source network, choose Any, Single Address, or Address Range. If you choose Single Address, enter the address in the Start Address field. If you choose Address Range, enter the Start Address and the End Address to specify the range. • Destination Network: To identify the destination network, choose Any, Single Address, or Address Range. If you choose Single Address, enter the address in the Start Address field. If you choose Address Range, enter the Start Address and the End Address to specify the range. STEP 4 Click Apply to save your settings. STEP 5 When you are ready, enable the new protocol bindings that you added. A new protocol binding is disabled until you enable it. Configuring a DMZ A DMZ (Demarcation Zone or Demilitarized Zone) is a subnetwork that is behind the firewall but that is open to the public. By placing your public services on a DMZ, you can add an additional layer of security to the LAN. The public can connect to the services on the DMZ but cannot penetrate the LAN. You should configure your DMZ to include any hosts that must be exposed to the WAN (such as web or email servers). Cisco SA500 Series Security Appliances Administration Guide 61