DMZ

From LQWiki

DMZ stands for De-Militarised Zone. In a firewalled network environment, it is a separate physical network that houses the Internet-facing servers. The concept is to place strict restrictions on communications initiated from the DMZ into the local network, to help protect the local network if a server is ever compromised. Starting communications from the DMZ into the workstation network is forbidden. A second function is to limit communications initiated from the DMZ into the Internet, effectively limiting damage to the public network.

For this reason, broadcast communications (like SMB or Windows network browsing) are blocked from leaving the DMZ. The DMZ is therefore not a good place for a Domain Controller or file server.
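
The policy described above, written as an nftables forward chain for a three-interface firewall. This is an added example, not part of the original wiki page; the interface names, the addresses (documentation ranges) and the choice of published ports are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: firewall with one leg each for Internet, DMZ and LAN.
# All names and addresses below are constructed placeholders.
define WAN_IF = "eth0"                # assumption: Internet-facing interface
define DMZ_IF = "eth1"                # assumption: DMZ interface
define LAN_IF = "eth2"                # assumption: workstation network
define DMZ_WEB = 192.0.2.10           # constructed address of a DMZ web server
define UPSTREAM_DNS = 198.51.100.53   # constructed address of a resolver

flush ruleset

table inet filter {
    chain forward {
        # Default deny: anything not explicitly allowed below is dropped,
        # which includes SMB/NetBIOS traffic trying to leave the DMZ.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed in their initiating direction.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_WEB tcp dport { 80, 443 } ct state new accept

        # LAN -> DMZ and LAN -> Internet: workstations may initiate.
        iifname $LAN_IF oifname { $DMZ_IF, $WAN_IF } ct state new accept

        # DMZ -> LAN: nothing may be initiated. Log it, because an attempt
        # is a strong sign that a DMZ server is misconfigured or compromised.
        iifname $DMZ_IF oifname $LAN_IF log prefix "DMZ->LAN blocked: " drop

        # DMZ -> Internet: only what the servers need (here, DNS lookups).
        iifname $DMZ_IF oifname $WAN_IF ip daddr $UPSTREAM_DNS udp dport 53 ct state new accept
        iifname $DMZ_IF oifname $WAN_IF log prefix "DMZ->WAN blocked: " drop
    }
}
```

Because the rules match on connection state, a LAN workstation can still reach a DMZ server and receive replies, while the same server cannot open a new connection back into the LAN.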