Ask the Expert

How do I set up a DMZ?

How do I begin to set up a demilitarized zone (DMZ)?
The answers to this question are many, depending on what you want to do. Here are a few basics.

First, there are two types of DMZs.

  • In a three-homed perimeter network, the firewall has three network connections: one to the Internet, one to your network, and a third to the DMZ, on which you place your Web server and other Internet-facing servers.
  • In a second type of DMZ, the back-to-back perimeter network, you use two firewalls, each with two network connections. One firewall, the Internet-facing firewall, has a network connection to the Internet and another to the DMZ network. The second firewall has a connection to the DMZ network and another to your internal network. In this type of DMZ, the DMZ network is sandwiched between your network and the Internet.

In both cases, you must then configure the firewall to restrict traffic coming to and from one network. For example, you could restrict traffic coming from the Internet to the Web server (only port 80, if that is all you need), then you could prevent port 80 traffic from traversing the second firewall and entering your internal network. The articles "Three-homed perimeter network configuration" and "Back-to-back perimeter network configuration" may be useful to you. Both articles provide pictures.
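
The filtering described above can be checked with a small first-match, default-deny model of the back-to-back layout. This is an added example, not part of the original answer; the addresses, the inner firewall's admin rule and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the article).
ANY = ip_network("0.0.0.0/0")
DMZ = ip_network("192.0.2.0/24")
INTERNAL = ip_network("10.0.0.0/8")
WEB = ip_network("192.0.2.10/32")          # the Web server in the DMZ

# Rule = (action, source net, destination net, destination port or None = any).
# First match wins; a packet that matches nothing is dropped (default deny).
OUTER_FW = [                               # Internet-facing firewall
    ("allow", ANY, WEB, 80),               # only port 80 to the Web server
]
INNER_FW = [                               # second firewall, DMZ <-> internal
    ("deny", ANY, INTERNAL, 80),           # port 80 never enters the internal net
    ("allow", INTERNAL, DMZ, None),        # hypothetical rule: admins reach DMZ
]

def decide(rules, src, dst, port):
    """Evaluate one firewall for a new connection src -> dst:port."""
    for action, s_net, d_net, r_port in rules:
        if (ip_address(src) in s_net and ip_address(dst) in d_net
                and r_port in (None, port)):
            return action
    return "deny"

def zone(addr):
    a = ip_address(addr)
    if a in INTERNAL:
        return "internal"
    return "dmz" if a in DMZ else "internet"

# Which firewalls a connection crosses, in order, for each pair of zones.
HOPS = {
    ("internet", "dmz"): [OUTER_FW], ("dmz", "internet"): [OUTER_FW],
    ("dmz", "internal"): [INNER_FW], ("internal", "dmz"): [INNER_FW],
    ("internet", "internal"): [OUTER_FW, INNER_FW],
    ("internal", "internet"): [INNER_FW, OUTER_FW],
}

def permitted(src, dst, port):
    """True only if every firewall on the path allows the connection."""
    path = HOPS.get((zone(src), zone(dst)), [])   # same zone: no firewall crossed
    return all(decide(fw, src, dst, port) == "allow" for fw in path)

if __name__ == "__main__":
    for flow in [("198.51.100.7", "192.0.2.10", 80),   # Internet -> Web server
                 ("198.51.100.7", "10.1.2.3", 80),     # Internet -> internal
                 ("192.0.2.10", "10.1.2.3", 80)]:      # DMZ host -> internal
        print(flow, "allowed" if permitted(*flow) else "dropped")
```

The model covers new connections only; a real firewall would also track state so that replies to permitted connections are passed.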

This was first published in April 2003
