Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Port Forwarding or DMZ

Posted on 2004-09-30
6
Medium Priority
?
483 Views
Last Modified: 2013-11-16
Hello all, My network is currently using NAT with a basic sonicwalll pro 100 firewall. I have 2 new webservers to implement. i am going to purchase a cisco 515e. This is kind of my first time setting up webservers on a network. Is it better to set them on a DMZ or have it sit behind the firewall and have the ports forwarded? all advice is appreciated.
0
Comment
Question by:mrlucio79
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12191704
It is always considered best practice to put any server that is publicly accessible on a DMZ.
0
 

Author Comment

by:mrlucio79
ID: 12192614
How many DMZs can the Cisco 515E handle? What do you think about this setup:

Internet<------>external router<------>Webserver(DMZ)<------>Firewall<------>internal router
<------>Network
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12192882
The 515 can handle up to 6 interfaces, or 4 DMZ's

Internet
    |
  Router
     |
  PIX Outside           Whatever you want the DMZ's to be....this is just an example
            DMZ1 ----- Web servers
            DMZ2 ----- Extranet connections
            DMZ3 ----- Special purpose servers (VPN)
            DMZ4 ----- reserved for future use
   PIX inside
       |
    Internal network
       |
    Internal router ----- intranet WAN remote sites
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:mrlucio79
ID: 12192926
Nice description! :0)  Here is a very stupid question though: Is it possible that I could hook a cisco switch into DMZ1 to host mutliple web servers?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12192935
Absolutely! You can connect any interface to a switch. You can have 1000 servers on any DMZ that you want...
0
 

Author Comment

by:mrlucio79
ID: 12192955
gotcha. This is great info. Thanks!!!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question