Server-Only Configuration on the Network DMZ
In this configuration, the server is installed in the Demilitarized Zone (DMZ) of a customer’s existing firewall. It acts only as a server and is protected from Internet exposure by the existing firewall.
Firewall Configuration
The enterprise firewall must have three network interfaces: WAN, LAN, and DMZ. Two-port firewalls are not supported.
In the firewall's DMZ, allocate a static IP address to the MBG. Typically, this is a private address as defined in RFC 1918.
On the firewall's WAN interface, configure a static IP address from the public/Internet range. This address must be:
- dedicated to the MBG solution
- publicly routable via the firewall
- reachable from the Internet and the internal network
MSL Configuration
In MSL, do the following:
- Access the MSL Server Console and select Configure this server.
- In Local Network Parameters, enter the server's internal (LAN) IP address server or select the default. This address must be:
- dedicated to the MBG solution
- private (allocated from DMZ network range)
- reachable from the internal network
MBG Configuration
In MBG, do the following:
- On the MBG main page, click the Network tab and click Profiles.
- Select Server-only configuration on the network DMZ.
- Select Apply DMZ configuration.
When configuration is complete, the system will use the public, post-NAT address of the server for both the set-side and ICP-side streaming addresses of the MBG. To determine this address, access the MSL Server Manager, select Review Configuration and examine the Internet Visible IP Address field.
The following diagram provides an example of a “Server-only configuration on the network DMZ”: