A demilitarized zone, or DMZ is a zone created on a firewall that can be used to place Internet-facing services such as a web browser. Such a zone is accessible from the Internet, but still maintains some level of security to protect the servers found within it.

The DMZ is a fundamental feature that is provided by Cisco's ASA firewall.

The use of a DMZ is considered best practice when you have services you want to offer to Internet users. Placing such services within the INSIDE network is possible, but can become difficult to manage, and less intuitive, and can introduce security issues for INSIDE network hosts.