Defining an explicit list of firewall access-list rules is a prerequisite for an effective network segmentation strategy. Account for any requirements unique to the environment, and enumerate the expected ports, protocols, and services for each software component in the solution; anything not on that list should be denied by default. Once segmentation has been implemented, it is essential to confirm and test each use case against the rules, logging denied traffic so that a required flow the rules block can be identified rather than appearing only as an application failure. It is also recommended to capture a baseline of expected traffic and compare it against the rule set, both to refine existing rules and to identify additional rules that are needed.
In Information Technology (IT) environments, the DMZ is used to segment external networks from internal networks so that there is no direct access between the two zones: external traffic terminates in the DMZ, and only the DMZ hosts are permitted to initiate specific connections into the internal network. The DMZ hosts publicly accessible services such as web servers. The same principle can be applied to retail-based networks. This can be achieved using firewalls together with technologies such as proxies or VPN tunneling.
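The following is an added example, not code from the original page or from any product it describes. It demonstrates both points above: it turns an inventory of expected ports, protocols and services per component into default-deny access-list rules laid out as a DMZ-style external/DMZ/internal design (no external-to-internal permit exists), and then checks a constructed traffic baseline against those rules so that unexpected flows stand out. The zone ranges, hosts, services and observed flows are hypothetical, and the Cisco-style ACL text is illustrative formatting only.

```python
"""Generate segmentation ACL rules from an expected-service inventory and audit
a traffic baseline against them.  Added example; all addresses, services and
flows below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Hypothetical zones.  Anything not inside these ranges is treated as external.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
}


@dataclass(frozen=True)
class Service:
    name: str
    proto: str  # "tcp" or "udp"
    port: int


# Expected ports/protocols/services per component and which zone may reach them.
# There is deliberately no ("external", <internal host>, ...) entry: the DMZ
# breaks direct access between the external and internal zones.
EXPECTED = [
    ("external", "192.0.2.10", Service("web-https", "tcp", 443)),
    ("dmz", "10.10.5.20", Service("app-api", "tcp", 8443)),
    ("internal", "192.0.2.10", Service("web-admin-ssh", "tcp", 22)),
    ("internal", "10.10.5.20", Service("app-api", "tcp", 8443)),
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; addresses outside every known range are external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def build_rules():
    """Explicit permits derived from EXPECTED, followed by a default deny."""
    rules = []
    for src_zone, dst_host, svc in EXPECTED:
        rules.append({"action": "permit", "src_zone": src_zone, "proto": svc.proto,
                      "dst": ipaddress.ip_address(dst_host), "port": svc.port,
                      "name": svc.name})
    rules.append({"action": "deny", "name": "default-deny"})
    return rules


def render_acl(rules):
    """Render rules as Cisco-style extended ACL lines (wildcard masks)."""
    lines = []
    for r in rules:
        if r["action"] == "deny":
            lines.append("deny ip any any log")
            continue
        if r["src_zone"] == "external":
            src = "any"  # intended to be applied inbound on the external-facing interface
        else:
            net = ZONES[r["src_zone"]]
            src = f"{net.network_address} {net.hostmask}"
        lines.append(f"remark {r['name']}")
        lines.append(f"permit {r['proto']} {src} host {r['dst']} eq {r['port']}")
    return lines


def is_permitted(flow, rules) -> bool:
    """First-match evaluation of a (src_ip, dst_ip, proto, dst_port) flow."""
    src, dst, proto, port = flow
    src_zone = zone_of(src)
    dst_addr = ipaddress.ip_address(dst)
    for r in rules:
        if r["action"] == "deny":
            return False
        if (r["src_zone"] == src_zone and r["proto"] == proto
                and r["dst"] == dst_addr and r["port"] == port):
            return True
    return False


# Constructed baseline: a summary of flows seen on the network during testing.
OBSERVED_FLOWS = [
    ("203.0.113.7", "192.0.2.10", "tcp", 443),    # customer -> DMZ web: expected
    ("192.0.2.10", "10.10.5.20", "tcp", 8443),    # DMZ web -> internal API: expected
    ("203.0.113.7", "10.10.5.20", "tcp", 8443),   # external -> internal: must be blocked
    ("192.0.2.10", "10.10.5.20", "tcp", 3389),    # DMZ -> internal RDP: not in inventory
    ("10.10.9.9", "192.0.2.10", "tcp", 22),       # internal admin -> DMZ ssh: expected
]


def audit_baseline(flows, rules):
    """Split observed flows into permitted and unexpected for rule tuning or alerting."""
    permitted, unexpected = [], []
    for f in flows:
        (permitted if is_permitted(f, rules) else unexpected).append(f)
    return permitted, unexpected


if __name__ == "__main__":
    acl = build_rules()
    print("\n".join(render_acl(acl)))
    ok, bad = audit_baseline(OBSERVED_FLOWS, acl)
    for f in bad:
        print(f"UNEXPECTED {zone_of(f[0])}->{zone_of(f[1])}: {f}")
```

Flows the audit reports as unexpected fall into two groups: genuinely unwanted traffic (the external-to-internal and RDP attempts above), which the default deny already blocks and which should be investigated, and legitimate traffic that was missing from the inventory, for which a new `EXPECTED` entry and a retest are the fix.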