Firewall with DMZ

The demilitarized zone (DMZ) is a separate segment of the local area network that a firewall shields from both the Internet and the LAN itself. Computers or servers that must be reachable from the unsecured network (the Internet), such as your own FTP and web servers, should be placed in this segment.

First and foremost, the firewall protects the DMZ against attacks from the Internet. Additionally, the firewall also protects the LAN against the DMZ. The firewall is configured so that only the following accesses are possible:





Some router models support this setup by means of a separate LAN interface used only for the DMZ. Looking at the data path through the device, the function of the firewall for shielding the LAN from the DMZ becomes clear.





Direct data exchange between the LAN and the DMZ via the LAN bridge is not possible when a dedicated DMZ port is used. Traffic between the LAN and the DMZ, in either direction, therefore passes only through the router and thus through the firewall. This in turn shields the LAN against requests from the DMZ as well as from the Internet.

Note: In many network structures, shielding the DMZ from the Internet on one side and from the LAN on the other requires two separate firewalls. With a device that has a DMZ port, only one device is needed for this setup, which considerably simplifies the configuration.
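The data path described above, modelled as an added Python example (not LANCOM configuration or code): a single stateful firewall between three zones with first-match rules and default drop, showing that replies from the DMZ pass while new requests from the DMZ into the LAN do not. The rule set, zone names and addresses are assumptions made for illustration; the page's own access list is not reproduced.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_zone: str   # zone of the ingress interface: "WAN", "LAN" or "DMZ"
    dst_zone: str   # zone of the egress interface
    proto: str
    src: str        # "ip:port"
    dst: str        # "ip:port"

# Assumed policy, first match wins, default drop: (src, dst, proto, port, action).
# None matches anything. This is an illustration, not the device's rule table.
RULES = [
    ("WAN", "DMZ", "tcp", 80, "accept"),
    ("WAN", "DMZ", "tcp", 443, "accept"),
    ("LAN", "DMZ", "tcp", None, "accept"),
    ("LAN", "WAN", None, None, "accept"),
]

class ZoneFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.established = set()   # connection table: (proto, initiator, responder)

    def forward(self, p: Packet) -> str:
        # Packets of a connection that was already admitted pass in both directions.
        if (p.proto, p.src, p.dst) in self.established or \
           (p.proto, p.dst, p.src) in self.established:
            return "accept"
        dst_port = int(p.dst.rsplit(":", 1)[1])
        for src, dst, proto, port, action in self.rules:
            if (src, dst) == (p.src_zone, p.dst_zone) \
               and proto in (None, p.proto) and port in (None, dst_port):
                if action == "accept":
                    self.established.add((p.proto, p.src, p.dst))
                return action
        return "drop"   # no rule matched, e.g. new DMZ->LAN or WAN->LAN requests

def run_sample_flows():
    fw = ZoneFirewall(RULES)
    flows = {  # constructed sample traffic, evaluated in this order
        "wan_to_dmz_web": Packet("WAN", "DMZ", "tcp", "203.0.113.5:40000", "192.168.2.10:443"),
        "dmz_web_reply":  Packet("DMZ", "WAN", "tcp", "192.168.2.10:443", "203.0.113.5:40000"),
        "lan_to_dmz_ftp": Packet("LAN", "DMZ", "tcp", "192.168.1.10:50000", "192.168.2.10:21"),
        "dmz_ftp_reply":  Packet("DMZ", "LAN", "tcp", "192.168.2.10:21", "192.168.1.10:50000"),
        "dmz_to_lan_new": Packet("DMZ", "LAN", "tcp", "192.168.2.10:41000", "192.168.1.10:445"),
        "wan_to_lan_new": Packet("WAN", "LAN", "tcp", "203.0.113.5:40001", "192.168.1.10:3389"),
        "wan_to_dmz_ssh": Packet("WAN", "DMZ", "tcp", "203.0.113.5:40002", "192.168.2.10:22"),
    }
    return {name: fw.forward(p) for name, p in flows.items()}

if __name__ == "__main__":
    for name, verdict in run_sample_flows().items():
        print(f"{name:16} {verdict}")
```

The same DMZ-to-LAN packet that is accepted as a reply is dropped when no LAN host opened the connection first, which is the property that limits what a compromised DMZ server can reach.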

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
