firewall rule terminology

Aside from establishing firewall rules between DMZ servers and the outside world (i.e. the Internet), and DMZ servers and the private network, what other types of firewall rules may exist in your environment? Is there any specific terminology for the various types of firewall rules? I am just trying to get a very basic management summary of the various classes of firewall rules that are common.

this is a very general question ...
trying to summarize:

you have different SECURITY ZONES on a security firewall (i.e.: INSIDE, DMZ, OUTSIDE) ranging from more secure (INSIDE) to less secure (OUTSIDE).

each ZONE has a specific subnet and, to let traffic cross zones, you need a NAT RULE, which translates source subnets to destination subnet and vice versa.

you need a NAT rule if you want to publish any host inside (or in DMZ) of your firewall, to let internet users see the PORTS you have published on an internal host (i.e.: you'd nat a specific host in your dmz zone by allowing port 80 if it is a webserver)

Then you typically apply rules by identifying source and destination zones:




and that really depends on your requirements.

can't be more specific ...
hope this helps

pma111 (Author) commented:
That does help, thanks. Is it common for rules directly from outside (Internet) to a server in your private network (inside), i.e. outside-to-inside, or does it normally pass some device in the DMZ first?
it will go directly.
you will place hosts in dmz when you want to be sure not to mess with inside (i.e. a webserver).
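An added example, not part of the original thread: one way to turn the zone idea from the answer above into a management summary is to label every rule by its source-to-destination zone pair and list the allow rules that go straight from OUTSIDE to INSIDE, which is the case raised in the follow-up question. The subnets, trust ranks, rule names and ports below are constructed assumptions, not values from the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed zone layout (assumption): subnet and trust rank per zone.
ZONES = {
    "INSIDE": (ipaddress.ip_network("10.0.0.0/24"), 100),
    "DMZ": (ipaddress.ip_network("192.168.100.0/24"), 50),
}

# Constructed sample rule base: (name, source, destination, port, action).
# Port 0 stands for "any port" in this example.
RULES = [
    ("publish-web", "0.0.0.0/0", "192.168.100.10", 80, "allow"),
    ("web-to-db", "192.168.100.10", "10.0.0.20", 1433, "allow"),
    ("lan-browsing", "10.0.0.0/24", "0.0.0.0/0", 443, "allow"),
    ("direct-rdp", "0.0.0.0/0", "10.0.0.30", 3389, "allow"),
    ("dmz-no-lan", "192.168.100.0/24", "10.0.0.0/24", 0, "deny"),
]

def zone_of(spec):
    """Return (zone name, trust rank) for a host address or CIDR block."""
    net = ipaddress.ip_network(spec, strict=False)
    for name, (subnet, rank) in ZONES.items():
        if net.subnet_of(subnet):
            return name, rank
    # Not wholly inside a known zone (this includes "any"): treat as OUTSIDE.
    return "OUTSIDE", 0

def classify(rule):
    """Return (zone-pair label, True if an allow rule opens a more trusted zone)."""
    _, src, dst, _, action = rule
    (src_zone, src_rank), (dst_zone, dst_rank) = zone_of(src), zone_of(dst)
    return f"{src_zone}-to-{dst_zone}", action == "allow" and src_rank < dst_rank

def summarize(rules):
    """Group rule names by zone pair; collect allow rules going OUTSIDE-to-INSIDE."""
    classes, direct = defaultdict(list), []
    for rule in rules:
        label, opens_trusted = classify(rule)
        classes[label].append(rule[0])
        if opens_trusted and label == "OUTSIDE-to-INSIDE":
            direct.append(rule[0])
    return dict(classes), direct

if __name__ == "__main__":
    classes, direct = summarize(RULES)
    for label, names in sorted(classes.items()):
        print(f"{label}: {', '.join(names)}")
    print("Review (Internet straight to INSIDE):", direct)
```

The same grouping works on an exported rule base once each rule's source and destination are mapped to the zones actually defined on the firewall.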