Bastion hosts and demilitarized zones (DMZs) are both firewall deployment architectures used to protect networks. A bastion host is a computer placed between public networks, such as the Internet, and the internal private networks that host critical organizational systems, whereas a DMZ is a network segment that hosts public-facing web applications and systems.
A bastion host is a kind of proxy that sits between the public space and the internal network and, of course, behind a firewall. A DMZ, by contrast, is a subnet that contains real servers and applications, such as web servers and mail servers.
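
As an added illustration (not part of the original text), the sketch below audits a constructed firewall rule set against the placement described above: public traffic may end only in the DMZ or on the bastion host, and only the bastion may open connections into the internal network. The addresses, rule names, and the choice to flag direct DMZ-to-internal rules are assumptions of this example.

```python
import ipaddress

# Constructed addressing for illustration (assumed, not from the text).
BASTION = ipaddress.ip_network("10.0.0.10/32")
DMZ = ipaddress.ip_network("203.0.113.0/28")
INTERNAL = ipaddress.ip_network("10.0.1.0/24")

# Constructed sample rules: (name, action, source CIDR, destination CIDR, port).
RULES = [
    ("web-in",     "allow", "0.0.0.0/0",      "203.0.113.0/28", 443),
    ("mail-in",    "allow", "0.0.0.0/0",      "203.0.113.5/32", 25),
    ("admin-in",   "allow", "0.0.0.0/0",      "10.0.0.10/32",   22),
    ("jump",       "allow", "10.0.0.10/32",   "10.0.1.0/24",    22),
    ("dmz-to-db",  "allow", "203.0.113.0/28", "10.0.1.20/32",   5432),
    ("legacy-any", "allow", "0.0.0.0/0",      "10.0.0.0/8",     3389),
    ("test-box",   "allow", "0.0.0.0/0",      "10.0.2.7/32",    8080),
    ("block-rest", "deny",  "0.0.0.0/0",      "0.0.0.0/0",      0),
]

BYPASS = "reaches internal network without passing the bastion"
EXPOSED = "public source allowed outside DMZ/bastion"


def audit(rules):
    """Return {rule name: reason} for allow rules that break the layout.

    Rule order is ignored, so a finding means the rule needs review,
    not that the traffic is certainly permitted.
    """
    findings = {}
    for name, action, src, dst, _port in rules:
        if action != "allow":
            continue
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        public_src = not any(s.subnet_of(z) for z in (BASTION, DMZ, INTERNAL))
        # overlaps() also catches broad destinations such as 10.0.0.0/8
        # that contain the internal subnet without naming it.
        if d.overlaps(INTERNAL) and not s.subnet_of(BASTION):
            findings[name] = BYPASS
        elif public_src and not (d.subnet_of(DMZ) or d.subnet_of(BASTION)):
            findings[name] = EXPOSED
    return findings


if __name__ == "__main__":
    for rule, reason in audit(RULES).items():
        print(f"{rule}: {reason}")
```
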