Networking
Configuring DMZ
Cisco ISA500 Series Integrated Security Appliances Administration Guide 141
4
Use the Networking > DMZ page to configure a Demarcation Zone or
Demilitarized Zone (DMZ). A DMZ is a sub-network that is behind the firewall but
that is open to the public. By placing your public services on a DMZ, you can add
an additional layer of security to the LAN. The public can connect to the services
on the DMZ but cannot penetrate the LAN. You should configure your DMZ to
include any hosts that must be exposed to the WAN (such as web or email
servers).
About DMZ networks
This section describes how to configure the DMZ networks. The DMZ
configuration is identical to the VLAN configuration. There are no restrictions on
the IP address or subnet assigned to the DMZ port, except it cannot be identical to
the IP address given to the predefined VLANs.
NOTE Up to 4 DMZs can be configured on the security appliance.