32. Use the DMZ Service page to configure the DMZ services.
33. Click Add to create a DMZ service.
Other options: To edit an entry, click the Edit (pencil) icon. To delete an entry, click the Delete (x) icon. To delete multiple entries, check them and click Delete.
34. In the DMZ Service - Add/Edit window, enter the following information:
• Original Service: Choose a service as the incoming service.
• Translated Service: Choose a service as the translated service or choose Original if the translated service is same as the incoming service. If the service that you want is not in the list, choose Create a new service to create a new service object. To maintain the service objects, go to the Networking > Service Management page. See Service Management, page 157.
NOTE: One-to-one translation will be performed for port range forwarding. For example, if you want to translate an original TCP service with the port range of 50000 to 50002 to a TCP service with the port range of 60000 to 60002, then the port 50000 will be translated to the port 60000, the port 50001 will be translated to the port 60001, and the port 50002 will be translated to the port 60002.
• Translated IP: Choose the IP address of your local server that needs to be translated. If the IP address that you want is not in the list, choose Create a new address to create a new IP address object. To maintain the IP address objects, go to the Networking > Address Management page. See Address Management, page 155.
• WAN: Choose either WAN1 or WAN2, or both as the incoming WAN port.
• WAN IP: Specify the public IP address for the server. You can use the IP address of the selected WAN port or a public IP address that is provided by your ISP. When you choose Both as the incoming WAN port, this option is grayed out.
• Enable DMZ Service: Click On to enable the DMZ service, or click Off to create only the DMZ service.
• Create Firewall Rule: Check this box to automatically create a firewall rule to allow access for this DMZ service. You must manually create a firewall rule if you uncheck this box.
NOTE: If you choose Both as the incoming WAN port, a firewall rule from Any zone to Any zone will be created accordingly.
• Description: Enter the name for the DMZ service.
For example, you host an RDP server (192.168.12.101) on the DMZ. Your ISP has provided a static IP address (172.39.202.102) that you want to expose to the public as your RDP server address. You can create a DMZ service as follows to allow Internet user to access the RDP server by using the specified public IP address.
NOTE: In this example, you must manually create two address objects (RDPServer and PublicIP) and a TCP service object with the port 3389 called “RDP.”