Demilitarized Zone (DMZ) Application Proxy
Provides a secure intermediary, a stand alone server, as the DMZ. This is a sterile holding area until the partner is successfully validated. Then a separate session is established from the DMZ to the trusted zone.
Firewall navigation best practices
Minimize rich targets in the DMZ by ensuring that files, user credentials and data are never stored on physical drives in the DMZ. Also, removes requirement for inbound holes in the firewall
Prevents direct communications between external and internal sessions by establishing secure session breaks in the DMZ using SSL or TLS encryption
Authentication options include IP address, user ID and password, digital certificates, SSH Keys, and RSA SecureID.