Port Forwarding or DMZ

Posted on 2004-09-30
Last Modified: 2013-11-16
Hello all, My network is currently using NAT with a basic sonicwalll pro 100 firewall. I have 2 new webservers to implement. i am going to purchase a cisco 515e. This is kind of my first time setting up webservers on a network. Is it better to set them on a DMZ or have it sit behind the firewall and have the ports forwarded? all advice is appreciated.
Question by:mrlucio79
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 79

Expert Comment

ID: 12191704
It is always considered best practice to put any server that is publicly accessible on a DMZ.

Author Comment

ID: 12192614
How many DMZs can the Cisco 515E handle? What do you think about this setup:

Internet<------>external router<------>Webserver(DMZ)<------>Firewall<------>internal router
LVL 79

Accepted Solution

lrmoore earned 125 total points
ID: 12192882
The 515 can handle up to 6 interfaces, or 4 DMZ's

  PIX Outside           Whatever you want the DMZ's to be....this is just an example
            DMZ1 ----- Web servers
            DMZ2 ----- Extranet connections
            DMZ3 ----- Special purpose servers (VPN)
            DMZ4 ----- reserved for future use
   PIX inside
    Internal network
    Internal router ----- intranet WAN remote sites
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features


Author Comment

ID: 12192926
Nice description! :0)  Here is a very stupid question though: Is it possible that I could hook a cisco switch into DMZ1 to host mutliple web servers?
LVL 79

Expert Comment

ID: 12192935
Absolutely! You can connect any interface to a switch. You can have 1000 servers on any DMZ that you want...

Author Comment

ID: 12192955
gotcha. This is great info. Thanks!!!

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Probable TCP NULL scan detected 10 378
palo alto VM series in AWS 3 132
Security Geteway Sonicwall 7 117
SSH over http/https 8 154
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question