Industrial DMZ (iDMZ) Deployment: The Security Air-Lock
Requirement: This module details the deployment of a “Neutral Zone” (iDMZ) to terminate conduits between IT and OT, satisfying IACS UR E26 defense-in-depth mandates.
1. The Architecture: Physical vs. Logical
To implement an iDMZ that passes a Class Survey, you must choose an architecture that ensures Zero Direct Routing. In maritime environments, we typically use the Three-Legged Firewall (for smaller vessels) or Back-to-Back Firewalls (for complex offshore units).
2. Technical Service Placement
By placing proxy services in the iDMZ, we ensure that OT assets (PLCs/HMIs) never “talk” to the internet directly. They only talk to these local authorized proxies.
3. Implementation: Traffic Directional Logic
Success is defined by your Firewall Access Control Lists (ACLs). Use the following “Directionality Matrix” to configure your conduits:
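The following is an added example, not part of the original module: a small policy checker that models an iDMZ conduit ruleset and verifies the Zero Direct Routing property from section 1, namely that every permitted flow terminates in the iDMZ (where the section 2 proxies live) and no ACL entry lets the IT and OT zones reach each other directly. The zone address ranges, the three-zone directionality matrix, the rule format and the sample rules are all constructed for illustration and are not a vendor's ACL syntax.

```python
"""
Added example (not from the original module): validate a firewall ruleset
against an iDMZ directionality matrix and evaluate flows first-match.
Zone ranges, matrix, rule format and sample rules are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed zone layout: IT (shore link / business LAN), iDMZ (neutral zone
# hosting the proxies), OT (PLC / HMI network).
ZONES = {
    "IT":   ip_network("10.10.0.0/16"),
    "iDMZ": ip_network("10.20.0.0/24"),
    "OT":   ip_network("10.30.0.0/16"),
}

# Directionality matrix (assumed): the only (source zone, destination zone)
# pairs a conduit may ever carry. Every flow must start or end in the iDMZ;
# IT<->OT is absent on purpose, so it is denied whatever the rule says.
ALLOWED_DIRECTIONS = {
    ("IT", "iDMZ"),    # operators reach jump hosts / file-transfer proxies
    ("OT", "iDMZ"),    # OT hosts pull patches, send historian data to proxies
    ("iDMZ", "IT"),    # proxies fetch updates on behalf of OT hosts
}


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR of the source
    dst: str      # CIDR of the destination
    port: int     # destination port, 0 = any
    action: str   # "permit" or "deny"


def zone_of(cidr: str) -> Optional[str]:
    """Map a CIDR to the zone that fully contains it, or None if unplaced."""
    net = ip_network(cidr)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return None


def check_rules(rules: List[Rule]) -> List[Tuple[Rule, str]]:
    """Return (rule, reason) for every permit rule that violates the matrix."""
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        s, d = zone_of(r.src), zone_of(r.dst)
        if s is None or d is None:
            findings.append((r, "permit rule touches an address outside every zone"))
        elif s == d:
            continue  # intra-zone traffic is not a conduit; out of scope here
        elif (s, d) not in ALLOWED_DIRECTIONS:
            findings.append((r, f"direct {s}->{d} conduit bypasses the iDMZ"))
    return findings


def flow_permitted(rules: List[Rule], src_ip: str, dst_ip: str, port: int) -> bool:
    """First-match evaluation of an ordered ruleset; unmatched traffic is denied."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst) and r.port in (0, port):
            return r.action == "permit"
    return False


# Constructed sample ruleset: two compliant entries, two that bypass the iDMZ,
# and an explicit default deny.
SAMPLE_RULES = [
    Rule("10.30.0.0/16", "10.20.0.10/32", 8530, "permit"),  # OT -> update proxy in iDMZ
    Rule("10.10.0.0/16", "10.20.0.20/32", 3389, "permit"),  # IT -> jump host in iDMZ
    Rule("10.10.7.0/24", "10.30.1.0/24",  502,  "permit"),  # VIOLATION: IT straight to OT
    Rule("10.30.1.0/24", "10.10.0.0/16",  445,  "permit"),  # VIOLATION: OT straight to IT
    Rule("0.0.0.0/0",    "0.0.0.0/0",     0,    "deny"),    # default deny
]


def compliant_rules(rules: List[Rule]) -> List[Rule]:
    """Drop every permit rule the matrix check flagged, keeping the order."""
    flagged = {r for r, _ in check_rules(rules)}
    return [r for r in rules if r not in flagged]


if __name__ == "__main__":
    for rule, reason in check_rules(SAMPLE_RULES):
        print(f"FAIL {rule.src} -> {rule.dst}:{rule.port}  {reason}")
    clean = compliant_rules(SAMPLE_RULES)
    print("OT host to iDMZ proxy:", flow_permitted(clean, "10.30.1.5", "10.20.0.10", 8530))
    print("OT host straight to IT:", flow_permitted(clean, "10.30.1.5", "10.10.0.5", 445))
```

Run it as-is to see the two offending entries reported and the remaining ruleset evaluated; in practice you would feed `check_rules` the exported ACL of each conduit before a Class Survey rather than a hand-written list, and extend `ALLOWED_DIRECTIONS` only when the matrix for the vessel explicitly permits a pair.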