As enterprise network administrators, we must ensure that the intranet runs at normal speed and that employees' computers on the intranet are not attacked by viruses or hackers. Is there a way to achieve both at once? The answer is yes. Today I will walk you through how to make up for the inherent defects of the DMZ bastion host so that we can have both security and speed.
1. Defects of the DMZ bastion host:
First, we need to know that configuring a DMZ bastion host is one of the most common practices in enterprise networks. Generally, computers connected to the enterprise network behind the routing and switching device are considered part of the intranet. Computers on the intranet can run into various problems, such as services being unable to communicate directly and P2P software failing to obtain a high ID. Under normal circumstances, the network administrator can enable the DMZ function of the routing and switching device so that a computer in the DMZ is reachable directly, as if it were connected straight to the Internet, thus getting around these restrictions.
However, there are two problems in actual use. First, a computer configured as the DMZ bastion host is in the same position as a computer on the Internet and is exposed to external intrusion and virus attacks. Second, DMZ hosts need to be placed in a separate network segment, and on low-end and mid-range routing and switching devices only one or a few DMZ hosts can be configured, so the feature cannot be enabled flexibly.
2. Step-by-step solution to the DMZ bastion host defects:
These two problems cause difficulties for small and medium-sized enterprises that use DMZ bastion hosts. How can we protect intranet computers through the routing and switching device while still providing DMZ-like access for multiple computers, or otherwise lifting the restrictions on intranet applications? Follow the steps below to make up for the defects of the DMZ function.
Step 1: When a computer on the intranet is downloading or running other network applications, we often find that the speed is very low, the network status is shown as limited, and the download runs at only a few KB/s. (1)
Step 2: Although we can get around this restriction through the DMZ host setting of the routing and switching device, most low-end devices only allow a single IP address to be set as the DMZ host, so it is very inconvenient to use. (2)
Step 3: To fully overcome the defects of the DMZ bastion host function, we need to start from the local machine. First, open "Network Neighborhood" -> "Properties". Here we will see the corresponding local connection. (3)
Step 4: If an "Internet gateway" icon is displayed, you only need to enable the UPnP feature of the routing and switching device to get both the speed improvement and intranet security protection. If no Internet gateway information is shown, follow the next step to enable it.
Step 5: For the local machine to show the "Internet gateway" icon and support the UPnP function, choose "Start" > "Run", enter services.msc to open the Services window, then find SSDP Discovery Service and Universal Plug and Play Device Host and set them to start. (4)