Web/mail server setup

Posted on 2005-04-18
Last Modified: 2010-04-10

I am running a Windows 2000 domain with about 60 PCs.
The domain controller is running our SQL server, and there is a second domain controller running as a file server.

We want to add a mail server and a web server to our network.

Right now we have a Symantec Gateway 5420 firewall.

Do I need to put the web and mail servers on a service network or DMZ?
Or can I use redirected services through the firewall to hide my web server and mail server in the domain?

Not sure if this is very secure...

Any thoughts?


Question by: rbunn
    LVL 16

    Accepted Solution

    You can do either. Putting them on a DMZ is clearly more secure - but it means you need to set up a DMZ and it means your web/mail services need to run on a different computer, whereas if you run them on the internal network you can re-use existing computers.
    LVL 27

    Expert Comment

    Agree. This is exactly what DMZs were designed for.
    LVL 1

    Author Comment

    OK, I have set up the DMZ and the web server seems to work OK, but I cannot connect to the SQL server that is on the domain.

    The SQL server uses domain authentication and will not let me add a non-domain user.

    If I put the web server back on the domain so I can access the SQL server, what will be my biggest security risk?

    What can I do to make it secure even though it is on the domain?

    LVL 16

    Expert Comment

    Your servers can be members of the (windows) domain even if they're not on the LAN. But it means you'd need to open DMZ->LAN ports on the firewall to allow the member servers to validate usernames against the global catalogs.
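
One way to keep the DMZ->LAN openings described in the comment above as narrow as possible, shown as an added example that is not part of the original thread: a small audit that flags any DMZ->LAN rule that is not host-to-host or that uses a port outside a short allow-list. The rule format, addresses and the allow-list itself are assumptions for illustration, not Symantec Gateway syntax.

```python
from ipaddress import ip_network

# Constructed addressing, not taken from the thread.
DMZ = ip_network("192.168.50.0/24")
LAN = ip_network("10.0.0.0/24")

# Assumed allow-list: well-known ports a domain member uses to reach a domain
# controller, plus SQL Server's default port. Dynamic RPC ports are omitted;
# pin them to a fixed range on the DC before allowing them.
NEEDED = {
    ("tcp", 53), ("udp", 53),     # DNS
    ("tcp", 88), ("udp", 88),     # Kerberos
    ("udp", 123),                 # NTP (Kerberos needs synchronized clocks)
    ("tcp", 135),                 # RPC endpoint mapper
    ("tcp", 389), ("udp", 389),   # LDAP
    ("tcp", 445),                 # SMB
    ("tcp", 3268),                # global catalog
    ("tcp", 1433),                # SQL Server
}

# Constructed sample rule set in a vendor-neutral form.
WEB, DC = "192.168.50.10/32", "10.0.0.5/32"
SAMPLE_RULES = [
    {"src": WEB, "dst": DC, "proto": "tcp", "port": 88},
    {"src": WEB, "dst": DC, "proto": "tcp", "port": 3268},
    {"src": WEB, "dst": DC, "proto": "tcp", "port": 1433},
    {"src": "192.168.50.0/24", "dst": "10.0.0.0/24", "proto": "any", "port": "any"},
    {"src": WEB, "dst": DC, "proto": "tcp", "port": 3389},
    {"src": "0.0.0.0/0", "dst": WEB, "proto": "tcp", "port": 80},  # Internet->DMZ
]

def audit(rules):
    """Return (rule_number, problem) for each DMZ->LAN rule that is too broad."""
    findings = []
    for n, r in enumerate(rules, 1):
        src, dst = ip_network(r["src"]), ip_network(r["dst"])
        if not (src.overlaps(DMZ) and dst.overlaps(LAN)):
            continue  # only rules that let DMZ traffic reach the LAN matter here
        if src.num_addresses != 1:
            findings.append((n, "source is not a single DMZ host"))
        if dst.num_addresses != 1:
            findings.append((n, "destination is not a single LAN host"))
        if (r["proto"], r["port"]) not in NEEDED:
            findings.append((n, f"{r['proto']}/{r['port']} is not on the allow-list"))
    return findings

if __name__ == "__main__":
    for number, problem in audit(SAMPLE_RULES):
        print(f"rule {number}: {problem}")
```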

    LVL 1

    Author Comment

    Is this a big or minor security risk?
