The internal interfaces on the Firebox are network interfaces that are not directly connected to the Internet or WAN. These interfaces usually protect your private network (LAN) or other internal resources, including users and Web (HTTP), email (SMTP), or FTP servers.
A trusted interface is an internal interface that connects to your private network, or LAN. Hosts on this interface are protected from hosts on the external and optional interfaces by default. In most organizations, employee computers connect to the trusted network.
The optional interface connects to the “demilitarized zone” (DMZ) or mixed trust area of your network. Use optional interfaces to create zones in your network with different levels of access. Frequently, public servers are installed on an optional network, as well as wireless clients.
Private IP Addresses
When you configure a trusted or optional interface, we recommend that you use an IP address in one of the three IP address ranges reserved by the Internet Engineering Task Force (IETF) for private networks on LANs.
For more information, see About Private IP Addresses.