DMZ = DeMilitarized Zone


The DMZ is a logically and physically separated Ethernet connection from both the internal secure (usually the trusted Intranet) and the external insecure (usually the untrusted Internet) networks provided by a Firewall via a so called three-legged firewall setup (a so called screened-subnet firewall setup is also available using two separate Firewalls).

The DMZ aids the connection of e-Mail Servers, WEB Servers and FTP Servers or WLAN Access Points on a semi-secure network segment under the following general conditions:

  • Specification of a separate IP addressing subnet
  • Separate physical LAN Ethernet port (or ports), protected by the system Firewall that can acts like a Proxy Server as well

For anyone on the external insecure network who wants to illegally connect to the internal trusted network, the DMZ is a dead end.


DMZ ist eine logisch und physikalisch getrennte Ethernet-Verbindung zwischen einem internen, sicheren Netz (üblicherweise ein vertrauliches Intranet) und einem externen, unsicheren Netz (in der Regel das Internet). Die Verbindung wird durch eine Firewall hergestellt.

DMZ bietet eine sichere Verbindung für Email-, WEB und FTP Server und WLAN Access Points.

See also / Siehe auch