Definitions of the DMZ on the firewall


A dmz is an intermediate zone between a military zone and a public zone. A dmz zone configured on a FW is logically and physically separated from internal and external networks.
Devices that provide network services for external users are deployed in a dmz zone. These devices include WWW and FTP servers. The servers run security risks if they are placed on an external network. If the servers are placed on an internal network, their security vulnerabilities may provide an opportunity for external malicious users to attack the internal network. The dmz zone is developed to solve the preceding problems.

Other related questions:
What is the firewall in TypeII?
In Typell, the firewall is the system of access control policies in a VPC. Based on the inbound and outbound rules associated with VPC, the firewall determines whether data packets are allowed to flow in or flow out of any associated VPC.

Definition of transparent mode for the firewall
For the firewall, the transparent mode is a common deployment mode. The service interfaces of the device work at Layer 2 (data link layer) to forward Layer 2 packets. In this case, the device can serve as a switch and can perform security protection on the traffic without changing the original network structure and configuration after being connected to the original gateway device in transparent mode. Therefore, this deployment mode is usually called the "transparent mode".

Definition of dynamic loading on the firewall
Dynamic loading of the firewall refers to loading services or functions to a running system. The service or function code is loaded to the system as module-specific files after dynamic loading commands are executed. Dynamic loading enables the system to provide new or enhanced functions or services even if the system software is not upgraded, keeping the system up-to-date without interrupting service continuity. A license is required for the dynamic loading module. If the dynamic loading license is not loaded or activated, no dynamic loading module is unavailable. The dynamic loading modules of the firewall consist of content security and URL filtering packages.

Definition of the security level of a security zone on the firewall
In a VPN instance, each security zone has a globally unique security priority. That is, two security zones with the same security priority do not exist in a VPN instance. The security level ranges from 1 to 100. A larger value indicates a higher security level. By default, the device has four security zones, and their security levels are as follows: 1. The Untrust zone is a security zone with a low security level, namely, 5. It is usually used to define insecure networks, such as the Internet. 2. The DMZ is a security zone with a medium security level, namely, 50. It is usually used to define the zone where the intranet server resides. Devices of this type are deployed on the intranet but frequently accessed from the extranet, causing large security risks. In addition, they are not allowed to proactively access the extranet. Therefore, they are deployed in a zone whose security level is lower than Trust but higher than Untrust. 3. The Trust zone is a security zone with a relatively high security level, namely, 85. It is usually used to define the zone where the intranet device users reside. 4. The Local zone is the security zone of the highest security level, namely, 100. A local zone is a device itself, including interfaces on the device. All packets constructed on and proactively sent from the device are regarded as from the Local area; those to be responded and processed by the device (including the packets to be detected or directly forwarded) are regarded as to the Local zone. Users cannot change Local zone configurations, for example, adding interfaces to the Local zone. You cannot delete a default security zone or reset its security level. You can also create security zones and define their security levels as required.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top