What is the name of the configuration that uses two firewalls placed on either side of the demilitarized zone (DMZ), with the edge firewall restricting traffic on the external/public interface?

The configuration that employs two firewalls, one on each side of a demilitarized zone (DMZ), is known as a screened subnet. This architecture is designed to enhance security by placing the DMZ—where public-facing services are hosted—between two firewalls. The edge firewall controls incoming and outgoing traffic from the external network, while the internal firewall enforces security policies for traffic between the DMZ and the internal network.

By having this dual-firewall setup, organizations can effectively isolate their internal network from direct exposure to the internet. The edge firewall not only restricts public access to only certain services hosted in the DMZ but also allows rules to be set that can mitigate potential threats from external attacks. The internal firewall further scrutinizes the traffic to ensure that only legitimate, pre-defined communication can occur between the DMZ and the internal resources, thereby reducing the risk of breaches.

This screening function is crucial because it allows an organization to provide resources to users outside the organization while maintaining a robust internal security posture. It's an effective way to manage risk in environments where external access is necessary but security must not be compromised. Other configurations mentioned, such as staging environments or access control lists (ACLs), do not specifically refer to the dual-firewall