Gateway DMZ <---> WAN isolation?

New Poster

I was hoping to set up a guest wifi network that is completely isolated from the LAN. I presumed, wrongfully it seems now, that the DMZ feature, offered by the Gateway, would prevent traffic from the DMZ host ever reaching the internal LAN. My tests prove otherwise, as I was able to ping computers on my LAN from the DMZ host. I did confirm that DMZ was working, as external traffic aimed at the gateway's WAN address reached the DMZ host.

QUESTION: Is this expected?

If it is, then it seems like a dangerous and irresponsible setting for Comcast to offer as others might make the same assumption about network isolation.

Expert

Re: Gateway DMZ <---> WAN isolation?

The setting is enabled mostly for troubleshooting purposes, e.g. isolating a problematic connection issue.

Plus you're explicitly warned that this is a security risk. For example:

  • Enabling DMZ (a demilitarized zone) may resolve a device communication issue, but it's a security risk. If a device needs to be accessible to outside sources, we recommend using port forwarding instead.

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.