How to configure a DMZ with a CCTV system

cctv image by Andrius Grigaliunas from

Closed Circuit TV (CCTV) systems are widely used for surveillance and security. The latest generations of CCTV cameras and command consoles work with digital video streams. A properly configured command console allows other computers to connect to it over a regular Internet Protocol (IP) communication network.

Computers connected to the command console can typically view recorded or real-time streams from any camera in the system. However, when the computers accessing the videos and the cameras are in remote networks, network administrators have to make the console accessible from remote machines. Configuring a Demilitarized Zone (DMZ) allows external access to the command console while continuing to keep other hosts in the network behind the firewall.

Plug the network interface for the command console into an unused port in the router. You will configure that port to be the connection to the DMZ (not behind the firewall). That port will be dedicated to hosts in the DMZ in the future.

Log into the command console of the CCTV system as an administrator. Configure the system to allow external access and to use the external IP address expressly allocated to it. The details of this operation depend on the specific model of the CCTV system being configured.

Log into the router as administrator. Make a note of the internal IP address assigned by your router to the command console. Create a DMZ using the router's administrative interface; the DMZ must use the dedicated port, and it must also map the console's external IP address to the internal one. The details for this operation depend on the router's model. On a Netgear router for example, navigate on a Web browser to the router's internal IP address (typically, enter the administrator's username and password, click "Advanced," then "Security." Enter the console's internal IP address in the DMZ section of the Web page. Click "Save."