Installation guide

Packet filtering 30-11
Chapter 30: Understanding Wave Data Networking
Wave Global Administrator Guide
The following diagram shows an illustrative network with public, private, and DMZ areas,
where Wave is connected to the Internet over a WAN, the private network consists of
192.168.1.0 and 192.168.2.0, and the DMZ is 222.222.222.0.
DMZ networks
A DMZ (De-Militarized Zone) network is where publicly-accessible servers are typically
located, such as Web servers and email servers. More importantly, in an environment with a
private network (see “Private networks”), only machines in the DMZ communicate directly
with the Internet.
To enforce this security, properly constructed packet filters will:
- Allow the DMZ to communicate with the Internet
- Reject any direct communication between the private network and the Internet
- Optionally restrict communication between the DMZ and the Internet to particular services
- Optionally restrict communication between the DMZ and the private network to particular services
This section discusses the first two goals, which are enough for most environments. The latter
two goals are covered in “Protocol and port filtering of common services” on page 30-14, and
should be used in environments where security is an important issue.
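
The first two goals can be checked against a candidate rule table before it is deployed. The following is an added example, not taken from the Wave guide and not in Wave's own filter syntax: a first-match filter model in Python that uses the networks from the diagram. The /24 masks, the default reject action, the probe hosts, and all function names are assumptions made for the illustration.

```python
import ipaddress

# Networks from the guide's diagram. The /24 masks are an assumption.
PRIVATE = ["192.168.1.0/24", "192.168.2.0/24"]
DMZ = "222.222.222.0/24"
ANY = "0.0.0.0/0"

# Constructed probe hosts; 203.0.113.7 (a documentation address) plays the Internet.
PRIV_HOSTS = ["192.168.1.10", "192.168.2.20"]
DMZ_HOST = "222.222.222.5"
NET_HOST = "203.0.113.7"

def evaluate(rules, src, dst, default="reject"):
    """First-match filter: return the action of the first rule covering src and dst.
    The default action for unmatched traffic is an assumption."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, action in rules:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            return action
    return default

def build_rules():
    """Specific private allows first, then the private rejects, then the DMZ allows."""
    rules = []
    for net in PRIVATE:
        # Private <-> DMZ stays open; restricting it is the optional fourth goal.
        rules += [(net, DMZ, "allow"), (DMZ, net, "allow")]
        rules += [(net, other, "allow") for other in PRIVATE]
    for net in PRIVATE:
        rules += [(net, ANY, "reject"), (ANY, net, "reject")]
    rules += [(DMZ, ANY, "allow"), (ANY, DMZ, "allow")]
    return rules

def audit(rules):
    """Return the flows that break goal 1 (DMZ <-> Internet allowed) or
    goal 2 (no direct private <-> Internet traffic)."""
    expected = [(DMZ_HOST, NET_HOST, "allow"), (NET_HOST, DMZ_HOST, "allow")]
    for host in PRIV_HOSTS:
        expected += [(host, NET_HOST, "reject"), (NET_HOST, host, "reject")]
    return [(s, d, want) for s, d, want in expected if evaluate(rules, s, d) != want]

# Constructed mistake: a rule meant to let 192.168.1.0 reach the DMZ, written with
# too broad a destination and placed ahead of the rejects.
TOO_BROAD = [("192.168.1.0/24", ANY, "allow")] + build_rules()

if __name__ == "__main__":
    print("correct table:", audit(build_rules()))
    print("too-broad table:", audit(TOO_BROAD))
```

Because the filter is first-match, the allow rules for private-to-DMZ traffic must sit above the private-to-any rejects, and any allow placed above those rejects needs a destination no wider than the DMZ.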
[Figure: illustrative network. Demilitarized Zone (DMZ), 222.222.222.0, with Web, Email, and Proxy servers; Wave connected over the WAN to the public Internet; private intranet, 192.168.1.0 and 192.168.2.0.]
Release 2.0
September 2010