Bugsy123's profile

New Poster

 • 

2 Messages

Friday, December 13th, 2019 11:00 AM

Closed

Gateway DMZ <---> WAN isolation?

I was hoping to setup a guest wifi network that is completely isolated from the LAN. I presumed, wrongfully it seems now, that the DMZ feature, offered by the Gateway, would prevent traffic from the DMZ host ever reaching the internal LAN. My tests proove otherwise as I was able to ping computers on my LAN from the DMZ host. I did confirm that DMZ was working as external traffic aimed at the gateway's WAN address reached the DMZ host.

 

QUESTION: Is this expected?

 

If it is, then it seems like a dangerous and irresponsible setting for Comcast to offer as others might make the same assumption about network isolation.

This conversation is no longer open for comments or replies and is no longer visible to community members.

Gold Problem Solver

 • 

2K Messages

6 years ago

The setting is enabled mostly for troubleshooting purposes, e.g. isolating a problematic connection issue.

Plus you're explicitly warned that this is a security risk. For example:

 

  • Enabling DMZ (a demilitarized zone) may resolve a device communication issue, but it's a security risk. If a device needs to be accessible to outside sources, we recommend using port forwarding instead. 

 

 

 

 

forum icon

New to the Community?

Start Here