Perimeter network scenarios


A perimeter network (also known as a DMZ, demilitarized zone, or screened subnet) is a small network that is set up separately from an organization's private network and the Internet. The perimeter network gives external users access to the specific servers located in it while preventing access to the internal corporate network. An organization may also allow very limited access from computers in the perimeter network to computers in the internal network.

A perimeter network is commonly used for deploying the e-mail and Web servers for the company. The perimeter network can be set up in one of these configurations:

For example, the perimeter network may include the company's Web server, so that Web content can be sent to the Internet. However, the perimeter network does not allow access to any other company data that may be available on computers in the local network. Even if an external user penetrates the perimeter network security, only the perimeter network servers are compromised.
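
The access policy described above can be modelled as an allow list between three zones. The following is an added example, not part of the original page: the addresses, ports, and rules are constructed assumptions. It checks individual flows and lists what a compromised perimeter server could still reach.

```python
import ipaddress

# Constructed zone layout (assumption, not from the original page).
# Any address outside these ranges is treated as the Internet.
ZONES = {
    "internal":  ipaddress.ip_network("10.0.0.0/16"),
    "perimeter": ipaddress.ip_network("192.168.50.0/24"),
}

# Allow list; anything that matches no rule is denied.
# (source zone, destination zone, destination IP or None for any host, port)
RULES = [
    ("internet",  "perimeter", "192.168.50.10", 443),   # public Web server
    ("internet",  "perimeter", "192.168.50.20", 25),    # mail server
    ("perimeter", "internal",  "10.0.5.25",     1433),  # perimeter hosts -> one database port
    ("internal",  "perimeter", None,            443),   # staff browsing the Web server
]

def zone_of(ip):
    """Map an address to its zone name."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def allowed(src_ip, dst_ip, dst_port):
    """Return True only if an explicit rule permits the flow."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_ip, r_port in RULES:
        if (r_src, r_dst, r_port) == (src_zone, dst_zone, dst_port) and r_ip in (None, dst_ip):
            return True
    return False

def reachable_from(zone):
    """Endpoints a host in `zone` may connect to: its exposure if that host is compromised."""
    return [(r_dst, r_ip or "any", r_port)
            for r_src, r_dst, r_ip, r_port in RULES if r_src == zone]

if __name__ == "__main__":
    flows = [("203.0.113.7", "192.168.50.10", 443),   # Internet -> Web server
             ("203.0.113.7", "10.0.5.25", 1433),      # Internet -> internal database
             ("192.168.50.10", "10.0.5.25", 1433),    # Web server -> database
             ("192.168.50.10", "10.0.5.26", 445)]     # Web server -> other internal host
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port}", "ALLOW" if allowed(src, dst, port) else "DENY")
    print("Exposure from perimeter:", reachable_from("perimeter"))
```

Every entry that `reachable_from("perimeter")` returns is a path from the perimeter into the internal network, so that list is the one to keep short and review regularly.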