Add DMZ zones

Use this procedure to set up and use DMZ zones with DMZ nodes. Using DMZ zones with Secure Relay is optional.

About DMZ zones

DMZ zones are a way to direct messages through specific zones. For example, you may want to exchange messages with some partners over the public Internet, but exchange messages with other partners over a virtual private network. You could deploy DMZ nodes so some nodes send over the Internet and some over the VPN. Then you can assign nodes to zones and assign zones to embedded servers and partners.

DMZ nodes are managed:

  • On the DMZ zones tab of the system management page. This is where zones are added. To use DMZ zones, zones must be added before adding DMZ nodes.
  • On the DMZ nodes tab of the system management page. This is where zones are assigned to DMZ nodes upon adding the nodes.
  • On the advanced tab of a transport for a partner. This is where you specify the DMZ zone for messages sent to the partner.
  • On the DMZ ports tab of an embedded server. This is where you specify the DMZ zone for all inbound messages received by the server.

If you delete a zone on the DMZ zones tab, any nodes associated with the zone no longer are assigned to any zone. The zone status of the nodes changes to no zone.

If you have no interest in ordering message traffic through specific DMZ nodes, ignore the DMZ zones tab.

Users of version 5.8 and later of Interchange can use DMZ zones with DMZ nodes. If you used DMZ nodes in an earlier version and upgraded to 5.8 or later, the pre-existing nodes do not have zones and cannot be assigned to zones. To use zones, stop and delete the DMZ nodes, remove the nodes from the DMZ computers, add one or more DMZ zones, add DMZ nodes and assign them to zones, and deploy the nodes in the DMZ.

  1. Select System management > System management on the top toolbar in the user interface to open the System management page.
  2. On the DMZ zones tab, click Add a zone to open the Configure secure relay zone page.
  3. Type a name and description for the zone. These can be any text you want. We suggest using text meaningful to the intended use of the zone.
  4. Click Add to add the zone. The DMZ nodes tab displays and lists the new zone. Under the Hosts column is the message not in use. The next step is to associate the zone with a DMZ computer (host) running a DMZ node.
  5. DMZ zones tab on System management page
  6. Go to Add a DMZ node and add a node. On the page for adding a node, select a zone for the node. Do not use the default no zone setting. After adding and starting the node, return to this procedure and go to the next step.
  7. Review the DMZ zones tab. Now the name or IP address of the DMZ computer running the node assigned to the zone is listed in the Hosts column.
  8. DMZ zones tab section on System management page showing the IP address of the DMZ computer.
  9. Perform other usual tasks for Secure Relay configuration.
    1. Turn on port forwarding. See Enable port forwarding for an exchange.
    2. Configure the load balancer or firewall. See Configure load balancer or firewall.
    3. Turn on outbound proxying for Secure Relay. See Configure outbound connection proxy.
  10. Assign zones to partners. Messages are sent via the assigned zone.
  11. On a partner summary page, click Delivery exchange on the navigation graphic at the top of the page. Click the name of a transport to open its maintenance page. Select the Advanced tab. Select a zone from the drop-down list and click Save changes.

Related topics

Related Links