A demilitarized zone (DMZ) makes certain routers in a network accessible from the Internet. These computers in the DMZ are generally used to offer Internet services such as e-mail or similar services. The rest of the network should of course be inaccessible for attackers on the Internet.
In order to allow this architecture, data traffic between the three zones Internet, DMZ and LAN must be analyzed by a firewall. The firewall's tasks can also be consolidated in a single device (router). For this, the router needs three interfaces that can be monitored separately from each other by the firewall:
- LAN interface
- WAN interface
- DMZ interface
Note: The table lists the devices supporting this feature.
