The DMZ usually exposes external services to the Internet such as web, servers, ftp and DNS. Because it is accessed from the Internet, the DMZ is intrinsically less trusted and needs to be separate from the private network.For this reason, different rules can be set, depending on traffic destination (Private LAN or DMZ).