she1


What does "DMZ", which is between the inner & outer firewall, mean?

stevenlewis

demilitarized zone
The DMZ is an area for you to place servers/machines that you need exposed to the internet and do not want to open up holes into your internal network for accessing them. Some people refer to the DMZ as the anything goes territory because, unless you properly restrict the DMZ machines, they are wide open to attack. In summary, a place to allow direct internet access to machines without having to get to your internal network.
she1

ASKER

So it is in between the inner & outer firewall; inside the inner firewall is the intranet, which is your internal network, is it right?


militarized zone is fully exposed to the outside attack, is it right?

thanks
>militarized zone is fully exposed to the outside attack, is it right?


the demilitarized zone is

>>So it is in between the inner & outer firewall; inside the inner firewall is the intranet, which is your internal network, is it right?
No, it is outside your firewall.
Did you check the link I provided? It explains it well.
Well, the best way to look at it is this.

Internet
       ^
       |
FIREWALL --->DMZ network
       |
       V
Internal network


It is another network card on your firewall, but can visually be looked upon as sitting out to the side. The firewall still is used to regulate the DMZ access.
The DMZ is somewhat fully exposed. You can still control access, but it is MORE exposed than your private network by far.
It is just a way to get machines that MUST be accessed by internet to a place that will limit the exposure to your ENTIRE network.

Hope that helps.
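
The tri-homed layout drawn above, written out as an nftables forward chain. This is an added example, not part of the original post; the choice of nftables, the interface names (wan0, dmz0, lan0) and the web server address are assumptions made for illustration.

```nftables
# Added example: one firewall, three interfaces, one per zone.
# Interface names are assumed; the address is constructed (RFC 5737 range).
define WAN_IF = "wan0"
define DMZ_IF = "dmz0"
define LAN_IF = "lan0"
define DMZ_WEB = 192.0.2.10

table inet filter {
    chain forward {
        # Anything not explicitly allowed between zones is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that an earlier rule already allowed.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services on the web server.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_WEB tcp dport { 80, 443 } accept

        # Internal -> DMZ and internal -> Internet: allowed to initiate.
        iifname $LAN_IF oifname $DMZ_IF accept
        iifname $LAN_IF oifname $WAN_IF accept

        # DMZ -> Internet: limited outbound (DNS and HTTPS in this sketch).
        iifname $DMZ_IF oifname $WAN_IF udp dport 53 accept
        iifname $DMZ_IF oifname $WAN_IF tcp dport { 53, 443 } accept

        # DMZ -> internal: logged and dropped, so a compromised DMZ host
        # cannot open connections into the internal network.
        iifname $DMZ_IF oifname $LAN_IF log prefix "dmz-to-lan drop: " drop

        # Internet -> internal has no rule and falls through to policy drop.
    }
}
```

The DMZ is more exposed than the internal network only because of the single Internet -> DMZ accept rule; every other path into or out of it is still decided by the firewall.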
>>The firewall still is used to regulate the DMZ access
I disagree with this
the firewall is bypassed in the DMZ
DMZ explained in layman's terms
http://computer.howstuffworks.com/firewall4.htm
>>The firewall still is used to regulate the DMZ access
I disagree with this
Of course I'll read any documentation that proves me wrong (always trying to learn) :-)
Here you go
Trihomed DMZ
I have used this in ISA and Checkpoint Firewalls.
There are many, many different ways to set it up.

http://www.isaserver.org/tutorials/ISA_Server_DMZ_Scenarios.html
Cool, but I think that is a different scenario than a router/gateway firewall dmz?
I am not going to debate here on she1's dime, but there was no mention of a router/gateway DMZ in the posting. It was asked, however, about DMZ between Inner and Outer firewall, which really, my example to she1 was not indicative of.
In the same article you'll see the same setup known as Back to Back Private DMZ. That would be a DMZ that sits between an inner and outer firewall.

You disagreed that the firewall can still be used to regulate DMZ access. Using Checkpoint and ISA I have done just that. Hope that helps clarify where I was coming from in my personal opinion/experience of DMZ configuration options.
Basically and most simplistically.

A DMZ can either be an "extra" network off your FW or it can be a "safezone" for your internal network.

As an extra network it is just that you basically have 2 internal networks and 1 external. (yes each internal has 2 external networks)

as a safezone you can route traffic incoming/outgoing through your dmz to be scanned/snooped/pooped before passing to either the internal or external

everything coming from outside your network can either go to your dmz, through your dmz to your internal, or straight to your internal, (reverse for outgoing)

and ofc, as stevenlewis said: demilitarized zone