Solved

Resourse Order  (Real Easy Question)

Posted on 2006-07-06
4
174 Views
Last Modified: 2010-03-18
Working on a network diagram.  I have an outside interface, DMZ with web server connecting to SQL.  Should the SQL be behind the DMZ, or in the DMZ?  SQL needs to connect to Exchange only for mailing internally, nothing external.  I wish we could draw pictures for this .....

Outside Interface <---------->DMZ (Web Site, SQL) DMZ -----------> Secure Network (Exchange Backend)

or

Outside Interface <---------->DMZ (Web Site) DMZ -------------> Secure Network (Exchange Backend, SQL)

Now for the question.  Which method is preferred?  What do I have to allow through the DMZ to internal in order for SQL to talk to exchange for option 1?
0
Comment
Question by:ibtaya
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Erik Bjers earned 250 total points
ID: 17055175
I think option 2 is best, you should only have your web/ external mail server in the DMZ, all servers that support the website/ mail system should be behinde the inside firewall.  To allow your web server to access SQL server you need to open the ports used to access the server in your firewall.  I would create a very restrictive rule allowing inbound connections on SQL ports from IP of webserver to IP of SQL server.

eb  
0
 
LVL 2

Author Comment

by:ibtaya
ID: 17057879
Thanks eb, that's what I was thinking, just needed to hear it from someone else.
0
 
LVL 9

Expert Comment

by:dooleydog
ID: 17057884
i would prefer to keep the SQL server internally and allow only certain IP addresses to send data to the SQL server through the firewall,

Good Luck,
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17059019
good luck

eb
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to scan rdp  ''only'' open port 3333? 5 130
Server 2008 Cluster Fail-over Errors 5 102
RRAS AND DNS 15 61
Changing Lease Duration for DHCP clients 34 28
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question