In the typical firewall scenario, the firewall separates three distinct network zones: the Internet, the private network and the DMZ. Inbound connections from the Internet are allowed only to servers in the DMZ; no direct connections are allowed between the Internet and the private network. Servers that offer services to the public (e.g. Web servers, SMTP servers) are placed in the DMZ, while servers that offer services to internal users reside on the private network.
The VPN provides remote users with access to private resources. Users authenticate to the VPN, and may then access internal resources on the private network through that VPN connection.
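The zone policy described above can be checked against a rule list. The following is an added example, not part of the original answer: it evaluates a first-match ruleset with default deny and reports any flow it permits between the Internet and the private network. The addresses, rulesets, probe flows and function names are all constructed assumptions.

```python
import ipaddress

# Constructed addressing: the page names the zones but gives no addresses.
ZONES = {
    "private": ipaddress.ip_network("10.0.0.0/24"),
    "vpn": ipaddress.ip_network("10.8.0.0/24"),   # pool for authenticated VPN users
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
FORBIDDEN = {("internet", "private"), ("private", "internet")}

def zone_of(addr):
    """Map an address to its zone; anything outside the known ranges is Internet."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def decide(rules, src, dst, port):
    """First-match evaluation with an implicit default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, ports in rules:
        if (s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net)
                and (ports is None or port in ports)):
            return action
    return "deny"

def audit(rules, probes):
    """Return probe flows the rules allow even though the zone policy forbids them."""
    return [(src, dst, port) for src, dst, port in probes
            if (zone_of(src), zone_of(dst)) in FORBIDDEN
            and decide(rules, src, dst, port) == "allow"]

# Constructed rulesets: (action, source, destination, ports or None for any).
WEAK = [
    ("allow", "0.0.0.0/0", "192.0.2.0/24", {25, 443}),   # public services in the DMZ
    ("allow", "10.8.0.0/24", "10.0.0.0/24", None),       # VPN users to private network
    ("allow", "0.0.0.0/0", "10.0.0.0/24", {3389}),       # mistake: Internet to private
]
FIXED = WEAK[:2]  # drop the offending rule; default deny covers the rest

# Constructed probe flows, one per zone pair of interest.
PROBES = [
    ("203.0.113.9", "192.0.2.10", 443),   # Internet -> DMZ web server
    ("203.0.113.9", "10.0.0.5", 3389),    # Internet -> private host
    ("10.8.0.7", "10.0.0.5", 445),        # VPN user -> private file server
    ("10.0.0.5", "198.51.100.1", 80),     # private -> Internet, direct
]

if __name__ == "__main__":
    print("weak :", audit(WEAK, PROBES))
    print("fixed:", audit(FIXED, PROBES))
```

The audit only covers the probe flows it is given, so a real check needs probes for every service and zone pair the ruleset mentions.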
This was first published in April 2007