Role and placement of a DMZ on a network

Referencing your Q&A from Aug. 29, what role does a demilitarized zone (DMZ) play on a network? Where is it pl


Let's handle the placement first. The DMZ is placed in conjunction with your firewall. If you have a dual-bastion type firewall, the DMZ is between the bastion hosts that make up the firewall. If you have a single firewall machine, the DMZ is on an interface of the firewall that is separate from the rest of the network that it is protecting.

The main purpose for a DMZ is to provide a place for systems on your network that need to have less protection than the rest of your systems. Examples of such systems include those that must be able to be seen by the rest of the Internet, such as Web and e-mail servers.

The DMZ segment of your network must use public IP addressing, whereas the rest of your network can use private IP addresses using Network Address Translation in the firewall to allow communications. The SANS Institute has a paper entitled "Designing a DMZ" that provides much more information on this topic.

This was first published in November 2001
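
The single-firewall layout described in the answer, sketched as an nftables ruleset for a Linux firewall with three interfaces. This is an added example, not part of the original answer. The interface names, the documentation-range addresses, the published ports and the choice to block DMZ-initiated traffic toward the internal network are all assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name, address and port below is an assumption.
flush ruleset

define IF_INET = "eth0"         # Internet-facing interface
define IF_DMZ  = "eth1"         # DMZ segment, publicly addressed
define IF_LAN  = "eth2"         # protected internal network, privately addressed
define WEB     = 203.0.113.10   # stand-in public address of the web server
define MAIL    = 203.0.113.25   # stand-in public address of the mail server
define LAN_NET = 10.0.0.0/24    # private range hidden behind NAT

table inet filter {
    chain forward {
        # Default deny: a flow between segments needs an explicit rule.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the services meant to be seen from outside.
        iifname $IF_INET oifname $IF_DMZ ip daddr $WEB tcp dport { 80, 443 } accept
        iifname $IF_INET oifname $IF_DMZ ip daddr $MAIL tcp dport 25 accept

        # Internal -> Internet and internal -> DMZ: internal hosts may initiate.
        iifname $IF_LAN oifname { $IF_INET, $IF_DMZ } ip saddr $LAN_NET accept

        # DMZ -> Internet: outbound mail delivery from the mail server only.
        iifname $IF_DMZ oifname $IF_INET ip saddr $MAIL tcp dport 25 accept

        # DMZ -> internal: the less-protected hosts get no path inward.
        # Logged so that an attempt from a DMZ host is visible.
        iifname $IF_DMZ oifname $IF_LAN log prefix "dmz-to-lan-drop: " drop

        # Internet -> internal: no rule, so the drop policy applies.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Translate private internal addresses only when leaving to the Internet.
        # DMZ hosts keep their public addresses and are routed untranslated.
        oifname $IF_INET ip saddr $LAN_NET masquerade
    }
}
```

The drop policy on the forward chain is what keeps the internal network more protected than the DMZ: anything not listed, including Internet-initiated traffic toward the private range, never crosses the firewall.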
