Firewalls can be arranged to form a DMZ. DMZ is required only if an organization has servers that it needs to make available to the outside world (e.g. Web servers or FTP servers). For this, a firewall has atleast three network interfaces. One interface connects to the internal private network; the second connects to the external public network (i.e, the Internet) and the third connects to the public servers (which form the DMZ network).
Advantages of DMZ- The main advantage of DMZ is that the access to any service on the DMZ can be restricted. For example, if the web server is the only required service we can lImit the traffic in/out of the DMZ network to the HTTP and HTTPS protocols (i.e ports 80 and 443 respectively). All other traffic can be filtered. More importantly, the internal private network is no way directly connected to the DMZ. So even if an attacker somehow manage to hack into the DMZ, the internal private network is safe and out of the reach of the attacker,