Q

How do I set up a DMZ?

How do I begin to set up a demilitarized zone (DMZ)?
The answers to this question are many, depending on what you want to do. Here are a few basics.

First, there are two types of DMZs.

  • In a three-homed perimeter network, the firewall has three network connections. One for connection to the Internet, one for connection to your network and a third, the DMZ on which you place your Web server and other Internet-facing servers.
  • In a second type of DMZ, the back-to-back perimeter network, you use two firewalls, each with two network connections. One firewall, the Internet facing firewall, has a network connection to the Internet and another to the DMZ network. The second firewall has a connection to the DMZ network and then to your Internal network. In this type of DMZ, the DMZ network is sandwiched between your network and the Internet.
In both cases, you must then configure the firewall to restrict traffic coming to and from one network. For example, you could restrict traffic coming from the Internet to the Web server (only port 80, if that is all you need), then you could prevent port 80 traffic from traversing the second firewall and entering your Internal network. Three-homed perimeter network configuration and Back-to-back perimeter network configuration may be useful to you. Both articles provide pictures.
This was first published in April 2003

Dig deeper on Windows legacy operating systems

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close