A DMZ is a computer network (subnet) that serves as a buffer zone with its own IP address range and separates two networks from each other through strict access rules. Servers within a DMZ are physically located within the company, but are not directly connected to the devices of the local network. This allows a company's local network to be protected while allowing access to an untrusted network, such as the Internet.
Typically, external services, mail, web servers or Domain Name System (DNS) servers are stored in a DMZ. A DMZ is also often used as the endpoint of a VPN.