Solved

Resourse Order  (Real Easy Question)

Posted on 2006-07-06
4
177 Views
Last Modified: 2010-03-18
Working on a network diagram.  I have an outside interface, DMZ with web server connecting to SQL.  Should the SQL be behind the DMZ, or in the DMZ?  SQL needs to connect to Exchange only for mailing internally, nothing external.  I wish we could draw pictures for this .....

Outside Interface <---------->DMZ (Web Site, SQL) DMZ -----------> Secure Network (Exchange Backend)

or

Outside Interface <---------->DMZ (Web Site) DMZ -------------> Secure Network (Exchange Backend, SQL)

Now for the question.  Which method is preferred?  What do I have to allow through the DMZ to internal in order for SQL to talk to exchange for option 1?
0
Comment
Question by:ibtaya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Erik Bjers earned 250 total points
ID: 17055175
I think option 2 is best, you should only have your web/ external mail server in the DMZ, all servers that support the website/ mail system should be behinde the inside firewall.  To allow your web server to access SQL server you need to open the ports used to access the server in your firewall.  I would create a very restrictive rule allowing inbound connections on SQL ports from IP of webserver to IP of SQL server.

eb  
0
 
LVL 2

Author Comment

by:ibtaya
ID: 17057879
Thanks eb, that's what I was thinking, just needed to hear it from someone else.
0
 
LVL 9

Expert Comment

by:dooleydog
ID: 17057884
i would prefer to keep the SQL server internally and allow only certain IP addresses to send data to the SQL server through the firewall,

Good Luck,
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17059019
good luck

eb
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question