A demilitarized zone (DMZ) is to protect your publicly reachable servers behind
the firewall. The difference between the more common scenario with two
interfaces and the DMZ, where you use three interfaces, is that the third
interface is a separate segment to which you connect your publicly reachable
servers. This includes for example your web server, mail server, dns and
others.
You can set up light filtering to your DMZ interface in addition to a more
rigorous filtering to the private interface. A DMZ will typically have -
- a public interface, which connects to an ISP
- a private interface, which connects to your Internal LAN
- a DMZ interface, which connects to a separate segment where your publicly
reachable servers are.
Regards
William Kelly
Kedar Deshpande wrote:
> Hi,
>
> I think Thats not true..!!DMZ is a region which is which a seperate
> network.In our secured network we need that some servers like web servres r
> to be accessed from outside .So we keep them in seperate network..normally
> connected on seperate interface on FW.but that zone is also very well
> proteected by firewall..but less secured than internal interface..
>
> regards,
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jason Centrella
> Sent: Tuesday, September 19, 2000 2:38 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Pass-thru DMZ?
>
> DMZ stands for demilitarized zone. It usually means that you are can put a
> machine or server outside of your firewall. This means that this particular
> machine will not be protected by the firewall.
>
> -Jay
>
> Dave Malik wrote:
>
> > I wanted to find out what would be the correct setup/definition of a
> > "pass-thru DMZ". I think the PIX experts would probably know this.
> >
> > Any comments are appreciated.
> >
> > Regards,
> > Dave
> >
> > _________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> >
> > Share information about yourself, create your own public profile at
> > http://profiles.msn.com.
> >
> > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > http://www.groupstudy.com/list/Associates.html
> > _________________________________
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
