We recently had requests from our users, who would like to put one SQL system in the DMZ area and allow public users to access it using port 80.
There is no problem with the standard firewall configuration; however, I have an issue in that the user wants to allow the DMZ SQL server to communicate with the "internal" SQL server using port 1433. Will there be a security hole if I open the initial request from DMZ to "internal" with port 1433?
If there is a security issue, how can a company deal with B2B or B2C in a live solution?
Let me summarize:
1) SQL server placed in DMZ for the public with port 80 only
2) Internal SQL needs to talk to the SQL server in DMZ with port 1433 --- I think it is OK for one-way direction (from internal to DMZ)
3) If the SQL server in DMZ wants to start the initial request by using port 1433 (DMZ to internal with port 1433), is it allowed?