Skip to main content

Home Screened subnet firewall

Screened subnet firewall

(also triple-homed firewall)

Screened subnet firewall definition

A screened subnet firewall is network security architecture that delivers an additional layer to protect against third-party attacks. This security system consists of three interfaces. The first one, the public interface, connects to the internet. The second one, the screened subnet or the demilitarized zone (DMZ), serves as the buffer and separates the internal and external areas. The third interface connects to the internal network. The screened subnet firewall enhances network security by isolating sensitive systems from the internet, lowering the possibility of unauthorized access and the risk of viruses, malware, and other cyber threats.

Screened subnet firewall vs. screened host firewall

  • A screened subnet firewall employs two screening routers to define three subnets. A cybercriminal would have to bypass two filtered routes to intrude into the internal network, making it the more secure type of these two firewalls.
  • A screened host firewall utilizes one screening router to create two subnets. A third party would need to bypass the DMZ host only to reach the internal network hosts, making it the less secure alternative.

Screened subnet firewall advantages

  • Isolates the internal network from external threats
  • Enables more granular control of network traffic
  • Protects systems exposed to the internet against potential cyberattacks
  • Lowers the chances of successful cyberattacks spreading to other network parts

Screened subnet firewall disadvantages

  • Requires configuration and maintenance
  • More complex and expensive than other firewall configurations
  • Can cause latency or network congestion