Host placement and DMZ internal/external questions.

[Adam T <123security () gmail com>]

I have a few questions I have about dmz internal and external networks
that I need help with.

1 if you have a host such as citrix that must have access to the
internal network does that sit on your DMZ?

2 antivirus mail gateway servers / Antivirus update server does that
sit on your DMZ ?

3 a squid proxy that internal hosts access

with the examples above do I place the hosts on the DMZ and then
modify firewall rules so that the host has the access they need to
perform as an internal network host? if so how is that different than
opening up a specific port directed to a specific host on internal
network for outside world access?

part of my confusion lies in that when I think DMZ I think that the
host should never touch the internal network and be left out in the
DMZ alone.

I hope I have stated my questions clearly
thank you for your responses.

/at