Solved

Resourse Order  (Real Easy Question)

Posted on 2006-07-06
4
175 Views
Last Modified: 2010-03-18
Working on a network diagram.  I have an outside interface, DMZ with web server connecting to SQL.  Should the SQL be behind the DMZ, or in the DMZ?  SQL needs to connect to Exchange only for mailing internally, nothing external.  I wish we could draw pictures for this .....

Outside Interface <---------->DMZ (Web Site, SQL) DMZ -----------> Secure Network (Exchange Backend)

or

Outside Interface <---------->DMZ (Web Site) DMZ -------------> Secure Network (Exchange Backend, SQL)

Now for the question.  Which method is preferred?  What do I have to allow through the DMZ to internal in order for SQL to talk to exchange for option 1?
0
Comment
Question by:ibtaya
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Erik Bjers earned 250 total points
ID: 17055175
I think option 2 is best, you should only have your web/ external mail server in the DMZ, all servers that support the website/ mail system should be behinde the inside firewall.  To allow your web server to access SQL server you need to open the ports used to access the server in your firewall.  I would create a very restrictive rule allowing inbound connections on SQL ports from IP of webserver to IP of SQL server.

eb  
0
 
LVL 2

Author Comment

by:ibtaya
ID: 17057879
Thanks eb, that's what I was thinking, just needed to hear it from someone else.
0
 
LVL 9

Expert Comment

by:dooleydog
ID: 17057884
i would prefer to keep the SQL server internally and allow only certain IP addresses to send data to the SQL server through the firewall,

Good Luck,
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17059019
good luck

eb
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question