What is a DMZ and what systems are typically placed in it?

A demilitarized zone, or DMZ, is a network segment that sits between the external untrusted network and the internal trusted network, separated by firewalls on both sides. Systems that need to be accessible from the internet but also communicate with internal resources are placed in the DMZ. Typical DMZ systems include web servers, email gateways, DNS servers, reverse proxies, and VPN concentrators. The outer firewall allows specific internet traffic to reach DMZ services, while the inner firewall restricts DMZ systems from freely accessing the internal network.