How to configure the demilitarized zone (DMZ) interface in the ASA 5500 Series Firewalls
A demilitarized zone (DMZ) is a part of a network separated from other systems by a firewall that allows only certain types of network traffic to enter or leave. A DMZ, or perimeter network, is a network area (a subnetwork) that sits between an organisation's internal network and an external network, usually the Internet. For example, public web servers might be placed in such a DMZ. With the DMZ approach, large companies with complex e-commerce Internet and extranet applications may have a two-tiered approach to firewall security.
A DMZ network enables Internet users to access the public servers of a company, including web servers and FTP servers.
The DMZ network maintains the security for a company's private LAN.
The configuration of the DMZ in the device can be broadly divided into these three parts:
Interface Security Level
Traffic is allowed from a higher security interface to a lower security interface by default; the reverse direction is blocked.
Each interface has a unique name and security level that you can change using the nameif command. By default, Ethernet0 is named outside and assigned security level 0. Ethernet1 is named inside with security level 100. The default security level of perimeter interfaces starts at security 10 for Ethernet2 (DMZ interface). You can choose any unique security level between 1 and 99 for a perimeter interface.
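The default rule and the level constraints above can be checked against an interface plan before it is applied. The following Python sketch is an added example, not part of the original article or Cisco's tooling; it uses the default names and levels the text gives, and the helper names (validate, default_permitted, flow_matrix) are hypothetical.

```python
# Added example: models the default security-level rule described above.
# Interface names and levels are the defaults the text gives; the helper
# names (validate, default_permitted, flow_matrix) are hypothetical.

INTERFACES = [  # (hardware port, name, security level)
    ("Ethernet0", "outside", 0),
    ("Ethernet1", "inside", 100),
    ("Ethernet2", "dmz", 10),
]

def validate(interfaces):
    """Return a list of problems with a name/level plan; empty means clean."""
    problems = []
    names, levels = {}, {}
    for port, name, level in interfaces:
        if name in names:
            problems.append(f"{port}: name '{name}' already used by {names[name]}")
        names.setdefault(name, port)
        if level in levels:
            problems.append(f"{port}: level {level} already used by {levels[level]}")
        levels.setdefault(level, port)
        # Perimeter interfaces (anything but outside/inside) must sit in 1..99.
        if name not in ("outside", "inside") and not 1 <= level <= 99:
            problems.append(f"{port}: perimeter level {level} is outside 1-99")
    return problems

def default_permitted(interfaces, src, dst):
    """True when traffic from src to dst passes with no explicit rule."""
    level = {name: lvl for _, name, lvl in interfaces}
    return level[src] > level[dst]

def flow_matrix(interfaces):
    """Default verdict for every ordered pair of distinct interfaces."""
    names = [name for _, name, _ in interfaces]
    return {(s, d): default_permitted(interfaces, s, d)
            for s in names for d in names if s != d}

if __name__ == "__main__":
    for problem in validate(INTERFACES):
        print("PROBLEM:", problem)
    for (src, dst), ok in sorted(flow_matrix(INTERFACES).items()):
        print(f"{src:>7} -> {dst:<7} {'permit' if ok else 'blocked'} by default")
```

With the default levels, outside to dmz comes out blocked, so reaching a public server in the DMZ from the Internet depends on an explicit permit and not on the default rule.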