1
00:00:00,05 --> 00:00:03,01
- [Instructor] A true DMZ is the most secure

2
00:00:03,01 --> 00:00:04,09
firewall architecture.

3
00:00:04,09 --> 00:00:07,09
To set up a true DMZ, what you need is

4
00:00:07,09 --> 00:00:12,02
two network firewall hosts and switches.

5
00:00:12,02 --> 00:00:16,02
The first network firewall host serves as an external firewall

6
00:00:16,02 --> 00:00:21,00
interfacing with the external network and the DMZ.

7
00:00:21,00 --> 00:00:23,07
The second network firewall host acts as

8
00:00:23,07 --> 00:00:28,01
an internal firewall interfacing with the DMZ

9
00:00:28,01 --> 00:00:30,07
and the internal network.

10
00:00:30,07 --> 00:00:33,03
When we have one network firewall

11
00:00:33,03 --> 00:00:35,08
in a much simpler topology,

12
00:00:35,08 --> 00:00:38,02
it only separates the external network

13
00:00:38,02 --> 00:00:40,09
from the internal network.

14
00:00:40,09 --> 00:00:43,03
In the true DMZ topology,

15
00:00:43,03 --> 00:00:47,05
we introduce a second network firewall host.

16
00:00:47,05 --> 00:00:51,00
Therefore, in between the two network firewall hosts

17
00:00:51,00 --> 00:00:56,02
we're creating a new subnet, which is our DMZ.

18
00:00:56,02 --> 00:01:00,07
Think of this as adding a second network firewall host

19
00:01:00,07 --> 00:01:02,06
through the internal interface

20
00:01:02,06 --> 00:01:05,07
of the first network firewall host.

21
00:01:05,07 --> 00:01:08,00
In the true DMZ topology,

22
00:01:08,00 --> 00:01:10,06
we protect an internal network better

23
00:01:10,06 --> 00:01:14,04
because it's behind the second firewall.

24
00:01:14,04 --> 00:01:19,00
There are two layers of firewalls in this architecture.

25
00:01:19,00 --> 00:01:23,01
Your internal network hosts get additional protection

26
00:01:23,01 --> 00:01:27,02
and separation from the hosts in the DMZ.

27
00:01:27,02 --> 00:01:32,00
True DMZ is a gold standard in network security.