I think that the term DMZ (de-militarized zone, which is also called no-man's land) loses its useful meaning if it is used for a segment on the inside of a firewall. I know that it is commonly used for a semi-protected segment on the third NIC of a firewall. But that usage creates a problem because the security significance is different for each architecture and you often have machines (bastion hosts) in the segment outside of the firewall (in the segment originally coined DMZ) as well as in the semi-protected server segment.

Perhaps it would be a good idea to stop using the term DMZ since it no longer has a useful definition if we accept both Paul's and Laura's usage as being valid. That is why I asked for the meaning of the term in the message that started this thread.

I normally use the term "external segment" to mean the segment between the main firewall and the Internet router and "server segment" or "semi-protected segment" to mean the segment holding Internet-visible servers but which are protected by a firewall. If you have 2 firewalls, the segment between them is a "transition segment".

If we differ so much on the definition of DMZ, it has ceased to have any real usefulness and its further use only leads to confusion.

Bill Royds
Acting System Administrator, Canadian Heritage Information Network
(819) 994-1200 X 239
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
