Hacker News

Not OP, but some air-gapped servers can be connected to from a private "trusted" network, but are otherwise unable to connect to the internet or elsewhere. Perhaps that's what OP means?

I wish companies would hurry up and move away from "trusted" networks and move onto zero trust.




> some air-gapped servers can be connected to from a private "trusted" network

Erm ... mate....

A device is either air-gapped or it isn't. The clue is kinda in the name.

Yes, I know gov/mil networks use data-diodes, but that's a different kettle of very expensive fish which is certified to EAL6/7.

For everyone else, air-gapped means what it says on the tin.

Pseudo air-gapping via firewall rules is not air-gapping, it's called writing ACLs.


Bingo. Air-gapped machines, by definition, have no connection to each other. Not so much as an audio cable between them. Everything that goes back and forth is manually transferred, either by eyes-on-one-screen-hands-on-the-other-keyboard, or by sneakernet typically of media which may be inspected at yet a third station en route.

This is a proxy or a bastion host, no more, no less. Calling it an airgap, even in "scare quotes", is clownishly terrible and serves no purpose beyond polluting the language.


Ha. I totally get what you mean, but I wish. I've seen plenty of air-gapped servers, and I'm not even that old. And every time I've challenged the setup for it to be truly air-gapped, I've been fought for it.


Correct - I think people are getting confused - not sure how, since the name is very descriptive.


Exactly. These "trusted" machines still have security vulnerabilities that you would like to patch though :)



