DMZ Options?

[Avery]

I have noticed that some of the routers/devices, such as the Netgear FVS318G or UTM10, have a dedicated DMZ feature.

How does this compare, security-wise, to a conventional DMZ?

I'm not sure if there are effectively 2 firewalls on these routers, or if they just setup some rules.

 

[Glitch]

Those devices actually have the ability to create a different local subnet interface and DHCP so then your DMZ traffic isn't on the same IP scheme as your LAN. Those units also have a firewall for the DMZ and the LAN.

 

[YeOldeStonecat]

Conventional DMZ..that's more like what they are in more proper business grade models....a computer in the DMZ is properly isolated into an "orange" network...not on the same LAN as your primary internal network. Designed for servers and such, which are exposed to the internet...if they have a security problem, they're isolated from the main internal network, thus it's more of a secure setup. Sort of makes your network into 3x parts....External (internet), Internal main network (green), and the DMZ makes up a 3rd part of your network (orange). You can then setup firewall/ACL rules as to what ports/services of the DMZ will communicate with your internal green network.

Many "home grade" routers have a DMZ feature which simple exposed all 65,000 plus ports of that computers to the internet, effectively bypassing all the basic hardware firewall protection of NAT. Thus in my opinion...you're forcing your computer to commit suicide. Unfortunately...that computer is still part of your main internal network....so if that computer has a security problem...picks up some malware or something gets into it....it can hit the rest of your network too.