DMZ = DeMilitarized Zone


The DMZ is a locigally and physically separated Ethernet connection from both the internal secure (usually the trusted Intranet) and the external insecure (usually the untrusted Internet) networks provided by a Firewall via a so called three-legged firewall setup (a so called screened-subnet firewall setup is also available using two separate Firewalls).

The DMZ aids the connection of e-Mail Servers, WEB Servers, FTP-Servers or WLAN Access Points on a semi-secure network segment under the following general conditions:

  • Specification of a separate IP addressing subnet
  • Separate physical LAN Ethernet port (or ports), protected by the system Firewall that can acts like a Proxy Server as well.

For anyone on the external insecure network who wants to illegally connect to the internal trusted network, the DMZ is a dead end.


