A firewall categorizes each area of the network based on where traffic originates and where it is destined. An area can be:
- Trusted – a private segment of the network that must be shielded against security threats and attacks. Traffic originating from less trusted areas of the firewall is blocked, which protects the computers in this segment.
- Untrusted – areas of the network, such as the Internet segment of the firewall, that are vulnerable to security threats.
- Demilitarized Zone (DMZ) – an area, such as one hosting a web server, that normally supports computers or services used by both authorized users and untrusted external individuals. The DMZ operates between the trusted and untrusted zones. When classified from within the private trusted network, the DMZ is considered untrusted, so traffic originating from the DMZ is blocked in this case.
A firewall configuration is made up of an inside trusted interface and an outside untrusted interface. Firewalls that are jointly configured can have a DMZ set up between them. The perimeter router provides the Internet Service Provider (ISP) connection. More advanced firewall models, known as three-pronged firewalls, have no fewer than three interfaces: an inside trusted interface, an outside untrusted interface and a DMZ interface connecting to an area that is partially trusted.
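The sketch below is an added example, not taken from any firewall product, that models how a three-pronged firewall decides on a new connection from the trust level of the source and destination zones. The subnets, the numeric trust levels, the rule that more trusted zones may initiate toward less trusted ones, and the published DMZ service are all assumptions made for illustration.

```python
import ipaddress

# Constructed three-interface layout. Subnets, trust levels and the published
# service are assumptions for illustration, not values from the page.
ZONES = {
    "inside": (ipaddress.ip_network("10.0.0.0/24"), 100),   # trusted
    "dmz": (ipaddress.ip_network("172.16.0.0/24"), 50),     # partially trusted
}
OUTSIDE = ("outside", 0)                                     # untrusted: everything else

# Explicit permits for DMZ services offered to external users: (dst ip, dst port).
PUBLISHED = {("172.16.0.10", 443)}


def zone_of(addr):
    """Return (zone name, trust level) for an IP address."""
    ip = ipaddress.ip_address(addr)
    for name, (net, level) in ZONES.items():
        if ip in net:
            return name, level
    return OUTSIDE


def evaluate(src, dst, dport):
    """Decide on a new connection; replies on permitted connections are
    assumed to be handled statefully and are not modelled here."""
    (src_zone, src_level), (dst_zone, dst_level) = zone_of(src), zone_of(dst)
    path = f"{src_zone}->{dst_zone}"
    if src_zone == dst_zone:
        return "permit", f"{path}: does not cross the firewall"
    if src_level > dst_level:
        return "permit", f"{path}: more trusted to less trusted"
    if dst_zone == "dmz" and (dst, dport) in PUBLISHED:
        return "permit", f"{path}: published DMZ service"
    return "deny", f"{path}: less trusted to more trusted"


# Constructed sample flows: (source, destination, destination port).
FLOWS = [
    ("10.0.0.5", "203.0.113.9", 443),
    ("203.0.113.9", "10.0.0.5", 22),
    ("203.0.113.9", "172.16.0.10", 443),
    ("203.0.113.9", "172.16.0.10", 22),
    ("172.16.0.10", "10.0.0.5", 445),
]

if __name__ == "__main__":
    for src, dst, port in FLOWS:
        action, reason = evaluate(src, dst, port)
        print(f"{src:>12} -> {dst:<12} :{port:<5} {action:<6} {reason}")
```

The last sample flow is the case described in the list above: a connection that originates in the DMZ and targets the trusted network is denied, even though the same DMZ host accepts connections from outside on its published port.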