DMZ or Demilitarized Zone is an area between nation-states in which military operation is not permitted.
It is a small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public internet.
The purpose of DMZ is to add an additional layer of security to an organization's local area network. An external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled.
DMZ functions as a small, isolated network positioned between the internet and the private network.
If there is a hacking attack, the organization will get extra time to detect and address breaches before the hackers penetrate into the internal networks.
The most secure approach is to use 2 firewalls to create a DMZ. For setting up a network architecture containing a DMZ, there must be at least three interfaces.
The first firewall called "front-end" or "perimeter" firewall, which is configured to allow traffic destined to DMZ only.
Whereas, the second firewall is known as "back-end" or internal firewall, which allows traffic from the DMZ to the internal network only.
With DMZ, we can control where traffic goes in the three networks.
We can do load balancing using DMZ
[ Now, what is load balancing?
A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of. servers.
]
Pictorial illustration of DMZ(using Two- Firewall)
Source: https://supportforums.cisco.com/t5/firewalling/is-a-dmz-using-two-firewalls-better/td-p/2552339