Hi, can I ask what are the key differences between a DMZ and a VLAN? The pros and cons, and when and how do we decide what to use? Thanks
How is DMZ different from VLAN?
Hey @Gilbert-Choo, great question:
A DMZ (demilitarized zone) is also known as a screened subnet or perimeter network. These are created when an organization wants to give public access to internal resources, commonly something like a webserver, but does not want to grant public access into the internal network for security concerns. They will create a DMZ on the firewall which exposes that one (or more) internal resource(s) to the public, but the firewall will not let the connections go into the internal network.
A VLAN, on the other hand, is a LAN-based implementation that allows network admins to divide up the ports on an Ethernet switch into logical groups. These groupings are called VLANs, and will restrict communications to only those devices in that VLAN. This restricts broadcast communications to that VLAN as well. Another way you can look at VLANs is that they are a way to divide a switch logically into multiple switches.
I hope this helps and look forward to any follow-up questions you may have! Thank you for watching,
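To make the distinction in the answer above concrete, here is an added example (not part of the original reply) of an nftables forward policy on a Linux firewall, where the VLANs only separate the segments and the firewall rules are what make one of them a DMZ. The interface names, VLAN IDs, subnets and web server address are all assumptions, and address translation for the published server is assumed to be handled elsewhere.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name and address below is an assumption.
#   wan0     - internet uplink
#   lan0.10  - VLAN 10, internal LAN (10.0.10.0/24)
#   lan0.20  - VLAN 20, DMZ          (10.0.20.0/24), web server 10.0.20.10

flush ruleset

define WAN = "wan0"
define LAN = "lan0.10"
define DMZ = "lan0.20"
define WEB = 10.0.20.10

table inet filter {
    chain forward {
        # Default deny: traffic between segments passes only if a rule allows it.
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Public -> DMZ: only the published web server, only HTTP/HTTPS.
        iifname $WAN oifname $DMZ ip daddr $WEB tcp dport { 80, 443 } accept

        # Internal -> internet, and internal -> the DMZ web server.
        iifname $LAN oifname $WAN accept
        iifname $LAN oifname $DMZ ip daddr $WEB tcp dport { 80, 443 } accept

        # DMZ -> internal: new connections are never allowed; log and drop,
        # so a compromised DMZ host reaching inward shows up in the logs.
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan " drop

        # Everything else, including WAN -> LAN, falls to the drop policy.
    }
}
```

VLAN 10 and VLAN 20 on their own only keep the two segments in separate broadcast domains; it is the rule set between them that exposes the web server while keeping public and DMZ-originated connections out of the internal network.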