Help Topic: Internet - DMZ (Exposed Host)

DMZ

DMZ is short for Demilitarized Zone.

A demilitarized zone is a network area (a subnetwork) that sits between an your internal network and an external network, usually the Internet. The point of a DMZ is that connections from the internal and the external network to the DMZ are permitted, whereas connections from the DMZ are only permitted to the external network - hosts in the DMZ may not connect to the internal network. This allows the DMZ's hosts to provide services to the external network while protecting the internal network in case intruders compromise a host in the DMZ. For someone on the external network who wants to illegally connect to the internal network, the DMZ is a dead end.

The ${_global.productname} uses a slightly different approach. The DMZ (Exposed Host) connects to the internal network without further security. That is, the DMZ host is able to connect to hosts on the internal network, but hosts in a real DMZ are prevented from doing so by the firewall that sits between them.