
Resource Order  (Real Easy Question)

Posted on 2006-07-06
Last Modified: 2010-03-18
Working on a network diagram.  I have an outside interface, DMZ with web server connecting to SQL.  Should the SQL be behind the DMZ, or in the DMZ?  SQL needs to connect to Exchange only for mailing internally, nothing external.  I wish we could draw pictures for this .....

Outside Interface <---------->DMZ (Web Site, SQL) DMZ -----------> Secure Network (Exchange Backend)

or

Outside Interface <---------->DMZ (Web Site) DMZ -------------> Secure Network (Exchange Backend, SQL)

Now for the question.  Which method is preferred?  What do I have to allow through the DMZ to internal in order for SQL to talk to Exchange for option 1?
Question by:ibtaya

Accepted Solution

by: Erik Bjers (earned 1000 total points)
ID: 17055175
I think option 2 is best. You should only have your web/external mail server in the DMZ; all servers that support the website/mail system should be behind the inside firewall.  To allow your web server to access SQL server you need to open the ports used to access the server in your firewall.  I would create a very restrictive rule allowing inbound connections on SQL ports from IP of webserver to IP of SQL server.

eb  

Author Comment

by:ibtaya
ID: 17057879
Thanks eb, that's what I was thinking, just needed to hear it from someone else.

Expert Comment

by:dooleydog
ID: 17057884
I would prefer to keep the SQL server internally and allow only certain IP addresses to send data to the SQL server through the firewall.

Good Luck,

Expert Comment

by:Erik Bjers
ID: 17059019
Good luck

eb
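
The rule both answers in this thread describe (web server to SQL server only), as an added example that is not part of the original posts: a small first-match rule evaluator plus an audit that flags any DMZ-to-inside allow rule broader than that single host-to-host rule. All addresses are constructed, the helper names are hypothetical, and TCP 1433 is assumed as the SQL Server port.

```python
import ipaddress as ip

# Constructed addressing (documentation ranges), not taken from the thread.
DMZ = ip.ip_network("192.0.2.0/24")
INSIDE = ip.ip_network("198.51.100.0/24")
WEB = ip.ip_network("192.0.2.10/32")      # web server in the DMZ
SQL = ip.ip_network("198.51.100.20/32")   # SQL server on the inside
SQL_PORT = 1433  # assumption: SQL Server default TCP port


def rule(action, src, dst, port):
    """Build one firewall rule; port None means any port."""
    return {"action": action, "src": ip.ip_network(src),
            "dst": ip.ip_network(dst), "port": port}


def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r in rules:
        if s in r["src"] and d in r["dst"] and r["port"] in (None, port):
            return r["action"]
    return "deny"


def overbroad(rules):
    """Allow rules that reach the inside from the DMZ beyond web -> SQL."""
    wanted = (WEB, SQL, SQL_PORT)
    return [r for r in rules
            if r["action"] == "allow"
            and r["src"].overlaps(DMZ) and r["dst"].overlaps(INSIDE)
            and (r["src"], r["dst"], r["port"]) != wanted]


# Constructed rule sets. TIGHT is the single restrictive rule; LOOSE adds
# a subnet-wide, any-port rule of the kind the audit should catch.
TIGHT = [rule("allow", "192.0.2.10/32", "198.51.100.20/32", SQL_PORT)]
LOOSE = TIGHT + [rule("allow", "192.0.2.0/24", "198.51.100.0/24", None)]

if __name__ == "__main__":
    for name, rules in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, "overbroad rules:", len(overbroad(rules)))
```

With the tight rule set, a compromised DMZ host other than the web server, or the web server on any port other than the SQL port, gets the default deny.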

Question has a verified solution.
