Ask the Expert

Role and placement of a DMZ on a network

Referencing your Q&A from Aug. 29, what role does a demilitarized zone (DMZ) play on a network? Where is it placed?


Let's handle the placement first. The DMZ is placed in conjunction with your firewall. If you have a dual-bastion type firewall, the DMZ is between the bastion hosts that make up the firewall. If you have a single firewall machine, the DMZ is on an interface of the firewall that is separate from the rest of the network that it is protecting.

The main purpose of a DMZ is to provide a place for systems on your network that need less protection than the rest of your systems. Examples include systems that must be visible to the rest of the Internet, such as Web and e-mail servers. The DMZ segment of your network must use public IP addressing, whereas the rest of your network can use private IP addresses, with Network Address Translation in the firewall to allow communications.

The SANS Institute has a paper entitled "Designing a DMZ" that provides much more information on this topic.

This was first published in November 2001
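
The single-firewall layout described in the answer, written as an nftables ruleset. This is an added example, not part of the original answer. The interface names, the addresses (203.0.113.0/28 is a documentation range standing in for a routed public block), the published services and the choice to give the DMZ no path into the internal network are all assumptions.

```nftables
# Added example: one firewall, three interfaces (all names and addresses constructed).
#   wan0 = Internet uplink
#   dmz0 = DMZ segment, publicly addressed and routed, not translated
#   lan0 = internal network, private addressing behind NAT
# Load with: nft -f <this file>

define WAN      = "wan0"
define DMZ      = "dmz0"
define LAN      = "lan0"
define DMZ_WEB  = 203.0.113.10
define DMZ_MAIL = 203.0.113.11
define LAN_NET  = 192.168.10.0/24

table inet filter {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the services each DMZ host publishes.
        iifname $WAN oifname $DMZ ip daddr $DMZ_WEB  tcp dport { 80, 443 } accept
        iifname $WAN oifname $DMZ ip daddr $DMZ_MAIL tcp dport 25 accept

        # Internal -> Internet and internal -> DMZ.
        iifname $LAN oifname { $WAN, $DMZ } ip saddr $LAN_NET accept

        # No accept rule exists for wan0 -> lan0 or dmz0 -> lan0, so new
        # connections toward the internal network fall through to the drop policy.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Only the privately addressed internal network is translated.
        # DMZ hosts keep their own public addresses on the way out.
        oifname $WAN ip saddr $LAN_NET masquerade
    }
}
```

Because the forward policy is drop, the DMZ hosts in this ruleset cannot open outbound connections until a matching `dmz0` to `wan0` rule is added for whatever they need, such as outbound mail delivery.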
