How do I set up a DMZ?

Published: 22 Apr 2003

How do I begin to set up a demilitarized zone (DMZ)?

The answers to this question are many, depending on what you want to do. Here are a few basics.

First, there are two types of DMZs.

In a three-homed perimeter network, the firewall has three network connections. One for connection to the Internet, one for connection to your network and a third, the DMZ on which you place your Web server and other Internet-facing servers.
In a second type of DMZ, the back-to-back perimeter network, you use two firewalls, each with two network connections. One firewall, the Internet facing firewall, has a network connection to the Internet and another to the DMZ network. The second firewall has a connection to the DMZ network and then to your Internal network. In this type of DMZ, the DMZ network is sandwiched between your network and the Internet.

In both cases, you must then configure the firewall to restrict traffic coming to and from one network. For example, you could restrict traffic coming from the Internet to the Web server (only port 80, if that is all you need), then you could prevent port 80 traffic from traversing the second firewall and entering your Internal network. Three-homed perimeter network configuration and Back-to-back perimeter network configuration may be useful to you. Both articles provide pictures.

How do I set up a DMZ?

Dig Deeper on Windows legacy operating systems

DMZ (networking)

A glossary of 10 essential network security terms

Prevent a network security attack by isolating the infrastructure

Do DMZ networks still provide security benefits for enterprises?

SearchVirtualDesktop

Guide for WVD pricing with Microsoft Azure

Why and when to use Windows Virtual Desktop

Compare Citrix Virtual Apps and Desktops vs. WVD

SearchWindowsServer

Exchange Server bugs continue to bite on April Patch Tuesday

Azure MFA NPS extension boosts authentication capabilities

Azure File Sync service puts pep in hybrid storage setups