How do a DMZ and VPN work together?

In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the three distinct network zones in a typical firewall scenario and reveals how the DMZ and VPN, in particular, co-exist.

Mike Chapple, University of Notre Dame

Published: 22 Apr 2007

If you have a VPN firewall router, will it be affected in any way by the setup of a DMZ server? In other words, would a DMZ server and a VPN be able to co-exist together?

A demilitarized zone (DMZ) and virtual private network (VPN) can certainly co-exist. In fact, they were designed to work together.

In the typical firewall scenario, the firewall separates three distinct network zones: the Internet, the private network and the DMZ. Inbound connections from the Internet are allowed only to servers in the DMZ; no direct connections are allowed between the Internet and the private network. Servers that offer services to the public (e.g. Web servers, SMTP servers) are placed in the DMZ, while servers that offer services to internal users reside on the private network.

The VPN provides remote users with access to private resources. Users authenticate to the VPN, and may then access internal resources on the private network through that VPN connection.

How do a DMZ and VPN work together?

In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the three distinct network zones in a typical firewall scenario and reveals how the DMZ and VPN, in particular, co-exist.

More on this topic

Dig Deeper on Network security

An intro to the IDMZ, the demilitarized zone for ICSes

3 ways to retool UC platform security architecture models

screened subnet

DMZ in networking

Related Q&A from Mike Chapple

Wired vs. wireless network security: Best practices

The difference between AES and DES encryption

How would a cyberattack information database affect companies?