Recommend:
To the knowledge base

Setting up a DMZ with the FRITZ!Box

A DMZ (demilitarized zone) refers to a special network that can be accessed from the internet as well as from the local network (LAN). A firewall completely blocks all access from the DMZ to the LAN. This concept allows you to make server services (such as email servers) in the DMZ available for access from the internet as well as from the LAN, but does not make you vulnerable to attacks on the LAN from the internet.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 The FRITZ!Box does not support DMZ

FRITZ!Box does not support the implementation of a DMZ (demilitarized zone).

Workaround

The term "DMZ" is often incorrectly used for the "exposed host" function. If you use the "exposed host" function, all of the ports are opened for a device in the network.

The following step is only necessary if you want to set up an "exposed host" for a device in the FRITZ!Box home network instead of a "DMZ":

Important:Incoming connections to destination ports for which you configured separate port sharing rules are not forwarded to the "exposed host". Instead, they are forwarded to the device specified in the separate port sharing rule.

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "Port Sharing" tab.
  4. Click "New Port Sharing".
  5. Select "Exposed host" from the drop-down list "Port sharing enabled for".
  6. From the drop-down list "to computer", select the (computer) name of the device that you want to set up the exposed host for. If the device does not obtain its IP settings from the FRITZ!Box:
    1. Select "Enter the IP address manually" from the drop-down list "to computer".
    2. Enter the IP address of the device.
  7. Click "OK" to save the settings.