A Demilitarized Zone is a buffer between the protected and unprotected parts of the network.

  • The DMZ is located on a screened subnetwork rather than the protected network, to prevent unauthorized access.
  • A DMZ can be created between the perimeter router and an internal firewall, and can accommodate a Web server, email server, or another type of bastion host or proxy server.
  • The DMZ may allow remote access from any user or can limit access to specific hosts or networks.