Medium to large organisations may have a De-Militarised Zone (DMZ), which protects the private corporate network from the public internet.
Like a gate and air gap to an office block, the DMZ controls what traffic from the internet may enter the corporate network and what traffic may flow back out to the internet. It allows the users of the corporate network to interact over the internet without having to deal directly with it. The corporate provides subsets of information to servers in the DMZ. Those DMZ servers send that information out to, or allow access to it from, the internet. The DMZ servers then take in information from the internet and provide it back to the corporate network.