To ensure that the security protection provided by the protocols and functions mentioned (SSL, SNC, authentication and authorization) cannot be misused, additional security mechanisms are also necessary. Therefore, for additional access protection and optimal security, we recommend using security zones to establish a secure network infrastructure for your complete landscape.
The firewalls protect the network from undesired access from persons or resources outside of the designated area. The application gateway or proxy server in the DMZ makes sure that requests are not directly passed through to the desired resource, but are handled by the gateway or proxy server's own cache. Not only does this buffer zone reduce network load, but it also allows you to filter requests increasingly from the external to internal networks through the multiple firewalls. Application servers, database servers, and the user management systems have increased protection and are only accessible by authorized users or resources. In this way, you can provide for optimal protection.
The example above is an example of how a system landscape can be set up using network zones. Depending on the complexity of your own landscape, you may choose to use additional or fewer zones.