Specifications
Advanced Deployment Options
3-13
Because a DMZ is a network area (a subnetwork) that sits between an organization's
internal network and an external network, two appliances are necessary to protect
both areas.
See figure 3-9 for an illustration of a deployment with two appliances deployed as
mentioned above. In the illustration, the company LAN is the area with a gray border
and the DMZ is the area with a red border.
FIGURE 3-9. Deployment in a DMZ environment (requires two appliances)
Internet
Network switch or router
Firewall
Mail server
HTTP server
FTP server
Client computers in the company network
LAN switch or router
Perimeter network
(DMZ)
Primary network
InterScan
appliance
A
SMTP
server
(for
example)
InterScan
B
appliance