Installation guide
13
4. Web server as separate (perimeter) network
Once you want to provide web services to the outside world, such as online appointment bookings, you will
probably need a slightly different layout.
Computers that are exposed to the outside (the Internet) for access – and that includes remote access for
maintenance purposes etc – should be placed into a separate ‘perimeter network’ sometimes called a
Demilitarized Zone (DMZ).
Computers placed in the perimeter network can usually communicate with computers within the private
network but only in very strictly controlled ways.
Some firewall devices provide separate network interfaces for this purpose and they can manage the
private and perimeter network in different, adequate ways.
Figure 4: A single firewall handling both the private and the perimeter network