

What is DMZ

Posted on 2007-08-05
Medium Priority
Last Modified: 2010-04-09
Any simple and good intro of DMZ, totally new concept.
We are trying to prove our system is under DMZ, actually is using VPN in working.
Question by:turbot_yu
LVL 27

Assisted Solution

Tolomir earned 800 total points
ID: 19633913

Author Comment

ID: 19634360
yes, any others.
LVL 27

Assisted Solution

Tolomir earned 800 total points
ID: 19634511
Please check this book:


On the Internet I didn't find anything more useful but this book seems quite exhaustive.


LVL 78

Accepted Solution

Rob Williams earned 800 total points
ID: 19641443
The DMZ is the DeMilitarized Zone of your firewall. There are 3 interfaces on most units. Internal - which is your secure network, External - which is the unsecured network, usually the Internet, and the DMZ which falls somewhere in between. Security in the DMZ is much lower, as a rule offering only NAT (Network Address Translation) protection, though you have the ability to create rules to further protect it. This zone is usually reserved for services to be offered to Internet users so that you do not have to grant them access to your internal network. A good example of its use is for a web server.

You mention your VPN is configured to use the DMZ? Is that the case? It is less secure. Your VPN should be set up using the internal network. If you are using a VPN server that works in the DMZ but not the Internal network, it is likely due to the fact that the necessary encryption protocol (PPTP, L2TP, or IPSec) is not being allowed to pass to the internal network. Putting it in the DMZ works, as all traffic is allowed by default. If you are having problems with your VPN, please elaborate on the type of VPN, such as hardware and/or software, and perhaps we could provide more details.
LVL 13

Assisted Solution

by:Yancey Landrum
Yancey Landrum earned 400 total points
ID: 19641659
I had a lot more, but it was way too much info. In a nutshell, a DMZ is a sheltered area defined by the firewall that is access-controlled from the internet but is also sheltered from your internal network. Usually, it is carved out of your public address space.

For example, you may have a web server sitting in the DMZ that needs to pull data from a SQL server. From the internet, you allow ports 80 and 443 (for https) from the outside to the DMZ. Then you have another opening from the DMZ to the inside on port 1433 for the SQL connection. This way, you can give the web server access to the SQL server without making it directly available to the outside.

VPN solutions should be in-line with the firewall; they should not involve the DMZ at all.
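
The rule set described in the answer above, as an added example that is not part of the original thread: a small Python model of a three-zone firewall policy that checks which connections pass and flags allow rules that defeat the DMZ. The zone names, `Rule`, `decide` and `audit` are hypothetical, and the model assumes a stateful firewall with default deny, so only the direction in which a connection is opened is listed.

```python
from dataclasses import dataclass
from typing import Optional

# Zones follow the three firewall interfaces described in the thread.
EXTERNAL, DMZ, INTERNAL = "external", "dmz", "internal"

@dataclass(frozen=True)
class Rule:                      # hypothetical rule model, not a vendor format
    src: str                     # zone the connection starts in
    dst: str                     # zone the connection goes to
    port: Optional[int]          # TCP destination port; None means any port
    action: str                  # "allow" or "deny"

def decide(rules, src, dst, port):
    """First matching rule wins; traffic matching no rule is denied."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.action
    return "deny"

def audit(rules):
    """List allow rules that defeat the DMZ (rule order is not considered)."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src == EXTERNAL and r.dst == INTERNAL:
            findings.append(f"external -> internal allowed on port {r.port or 'any'}")
        elif r.port is None and (r.src, r.dst) in {(EXTERNAL, DMZ), (DMZ, INTERNAL)}:
            findings.append(f"{r.src} -> {r.dst} allowed on any port")
    return findings

# Constructed policy: the web server / SQL server layout from the answer above.
SEGMENTED = [
    Rule(EXTERNAL, DMZ, 80, "allow"),
    Rule(EXTERNAL, DMZ, 443, "allow"),
    Rule(DMZ, INTERNAL, 1433, "allow"),
]

# Constructed weak policy: DMZ open on every port, database exposed directly.
WEAK = [
    Rule(EXTERNAL, DMZ, None, "allow"),
    Rule(EXTERNAL, INTERNAL, 1433, "allow"),
]

if __name__ == "__main__":
    print(decide(SEGMENTED, EXTERNAL, INTERNAL, 1433))
    for finding in audit(WEAK):
        print("finding:", finding)
```
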
LVL 78

Expert Comment

by:Rob Williams
ID: 19781998
Thanks turbot_yu.
Cheers !
