In Computer Networking, what is DMZ?

Derek Schauland

A Demilitarized Zone (DMZ) is a network segment that is separated from other networks. Many organizations use them to separate their Local Area Networks (LAN) from the Internet. This puts additional security between their corporate network and the public Internet. It can also be used to separate one particular machine from the rest of a network, moving it outside of the protection of a firewall.

A Demilitarized Zone (DMZ) may be used for security purposes.
A Demilitarized Zone (DMZ) may be used for security purposes.

Frequent Uses

Common items that are placed in a DMZ are public-facing servers. For example, if an organization maintains its website on a server, that web server could be placed in a computer "Demilitarized Zone." In this way, if a malicious attack ever compromises the machine, the remainder of the company's network remains safe from danger. Someone can also place a computer on a DMZ outside of a network to test for connectivity issues being created by a firewall protecting the rest of the system.

If an organization maintains its website on a server, the web server can be placed in a computer "Demilitarized Zone" separated from other networks.
If an organization maintains its website on a server, the web server can be placed in a computer "Demilitarized Zone" separated from other networks.

Router Setup and Functionality

When connecting a LAN to the Internet, a router provides a physical connection to the public Internet, and firewall software offers a gateway to prevent malicious data from entering the network. One port on the firewall often connects to the network using an internal address, allowing traffic being sent out by individuals to reach the Internet. Another port is usually configured with a public address, which allows Internet traffic to reach the system. These two ports allow inbound and outbound data to communicate between the network and the Internet.

Purpose of a Demilitarized Zone

In creating a DMZ, an organization adds another network segment or subnet that is still part of the system, but not connected directly to the network. Adding a DMZ makes use of a third interface port on the firewall. This configuration allows the firewall to exchange data with both the general network and the isolated machine using Network Address Translation (NAT). The firewall does not usually protect the isolated system, allowing it to connect more directly to the Internet.

NAT Functionality

Network Address Translation allows data received on a certain port or interface to be routed to a specified network. For example, when someone visits an organization's web site, the browser is sent to the server hosting the site. If this organization keeps its web server in a DMZ, the firewall knows that all traffic sent to the address associated with their web site should be passed to the server sitting in the DMZ, rather than directly into the organization's internal network.

Drawbacks and Other Methods

Since the DMZ computer lies outside of the firewall's protection, it may be vulnerable to attacks from malicious programs or hackers. Companies and individuals should not store sensitive data on this type of system, and know that such a machine can potentially become corrupted and "attack" the rest of the network. Many networking professionals recommend "port-forwarding" for people experiencing networking or connection issues. This provides specific, targeted access to certain network ports, without opening up a system entirely.

You might also Like

Discussion Comments


The answer is quite descriptive, thanks for your input.


Thanks for the information about DMZ


thanks very much. really a very good explanation.


good one. anyone can grasp the concept well with this explanation.


It is crystal clear. --satish


Good one. it helps.


nice one.


good and clear explanation,thanks. Paramsh


Most crisp DMZ explanation over the net. Superb. Thanks a lot.


thank for the simple explanation.


great work. thanks. shiva


Excellent article.


Very good explanation.


great info. thanks.


Good one.


thanks and got the complete understanding of the DMZ.


good article. thanks.


Superb way of explanation, really useful.


This is a clear and simple explanation.




Very well written...


wow, simple and clear explanation, thanks.


I didn't know DMZ applies in the computing world! I always thought it was confined to the political/military world!

Post your comments
Forgot password?