They are both security zones. Most customers I come across move their external services to the DMZ and add restrictive policies (i.e. from untrust to dmz, server/MIP x.x.x.x, permit 80, but not from dmz to trust).
John Judge JNCIS-SEC, JNCIS-ENT,