What is DMZ

Posted on 2007-08-05
Last Modified: 2010-04-09
Any simple and good intro of DMZ, totally new concept.
We are trying to prove our system is under DMZ, actually is using VPN in working.
Question by:turbot_yu
    LVL 27

    Assisted Solution


    Author Comment

    yes, any others.
    LVL 27

    Assisted Solution

    Please check this book:

    On the Internet I didn't find anything more useful but this book seems quite exhaustive.

    LVL 77

    Accepted Solution

    The DMZ is the DeMilitarized Zone of your firewall. There are 3 interfaces on most units. Internal - which is your secure network, External - which is the unsecured network, usually the Internet, and the DMZ which falls somewhere in between. Security in the DMZ is much lower, as a rule offering only NAT (Network Address Translation) protection, though you have the ability to create rules to further protect it. This zone is usually reserved for services to be offered to Internet users so that you do not have to grant them access to your internal network. A good example of its use is for a web server.

    You mention your VPN is configured to use the DMZ? Is that the case? It is less secure. Your VPN should be set up using the internal network. If you are using a VPN server that works in the DMZ but not the Internal network, it is likely due to the fact that the necessary encryption protocol (PPTP, L2TP, or IPSec) is not being allowed to pass to the internal network. Putting it in the DMZ works, as all traffic is allowed by default. If you are having problems with your VPN, please elaborate on the type of VPN, such as hardware and/or software, and perhaps we could provide more details.
    LVL 13

    Assisted Solution

    I had a lot more, but it was way too much info. In a nutshell, a DMZ is a sheltered area defined by the firewall that is access-controlled from the internet but is also sheltered from your internal network. Usually, it is carved out of your public address space.

    For example, you may have a web server sitting in the DMZ that needs to pull data from a SQL server. From the internet, you allow ports 80 and 443 (for https) from the outside to the DMZ. Then you have another opening from the DMZ to the inside on port 1433 for the SQL connection. This way, you can give the web server access to the SQL server without making it directly available to the outside.

    VPN solutions should be in-line with the firewall; they should not involve the DMZ at all.
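
The web server / SQL server layout from the answer above, modelled as a zone policy with a small audit of the rules. This is an added example, not part of the original thread; the addresses, the rule format, the function names and the default-deny behaviour between zones are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/28"),
    "internal": ipaddress.ip_network("10.0.0.0/16"),
}
WEB = "192.0.2.10"  # hypothetical web server in the DMZ
SQL = "10.0.5.20"   # hypothetical SQL server on the internal network

# Each rule: (source zone, destination zone, destination host or None for any, TCP ports)
RULES = [
    ("external", "dmz", WEB, {80, 443}),   # internet -> web server
    ("dmz", "internal", SQL, {1433}),      # web server -> SQL server only
]

def zone_of(addr):
    """Map an address to its zone; anything unlisted is treated as external."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def allowed(src, dst, port, rules=RULES):
    """Permit a flow between zones only if a rule matches; otherwise deny."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return True  # same-zone traffic does not cross the firewall
    for r_src, r_dst, r_host, r_ports in rules:
        if (sz, dz) == (r_src, r_dst) and r_host in (None, dst) and port in r_ports:
            return True
    return False

def audit(rules=RULES):
    """Flag rules that undo the separation the DMZ is meant to provide."""
    findings = []
    for src, dst, host, ports in rules:
        if src == "external" and dst == "internal":
            findings.append(f"external reaches internal directly on {sorted(ports)}")
        if src == "dmz" and dst == "internal" and host is None:
            findings.append(f"dmz may reach every internal host on {sorted(ports)}")
    return findings

if __name__ == "__main__":
    print(allowed("203.0.113.7", SQL, 1433), audit())
```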
    LVL 77

    Expert Comment

    by:Rob Williams
    Thanks turbot_yu.
    Cheers !
