

new DMZ, web server needs to get to SQL server

Posted on 2007-07-31
Medium Priority
Last Modified: 2011-09-20
Firewall Question:  I have an Astaro 120 Firewall/Gateway and our company recently purchased a web server to be placed in a DMZ.  I am new to networking and have read that I want to set up the firewall to drop all packets from the DMZ to our internal LAN, BUT our SQL server we use internally is (hopefully) going to serve data to the web server upon request.  What is the right way to have our web server in the DMZ but to still have access to our SQL server on the LAN?  Or am I thinking about this the wrong way?
Question by:kbdaemon

Accepted Solution

rvthost earned 2000 total points
ID: 19607705
Yep, you're thinking about it in the correct way.  I'm not familiar with your firewall to give you exact commands, but you have the idea.  At a high level, think of it as three different zones:

LAN - trusted
DMZ - semi-trusted
Internet - not trusted

You would set up your DMZ zone so that it would initially have no access to your internal LAN.  You could allow it to make outbound Internet requests freely (if you so choose), but it itself cannot initiate connections to the LAN.  Once you know that this is working as designed, you can now "poke" a hole from the DMZ to your LAN so that the web server in the DMZ can make SQL server requests.  But you would configure the firewall so that the web server (Ex. can initiate requests only to SQL server (Ex., and then only on the necessary ports (1433 for SQL by default).  So you want to be as specific as possible to minimize your risk.  
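
The three-zone policy from the accepted answer, modelled as an added example (not part of the original post, and not Astaro configuration syntax). It evaluates an ordered, first-match rule list and enumerates which DMZ-to-LAN flows get through, comparing the single-host, single-port hole with a rule that opens the whole LAN. All addresses and names are constructed assumptions.

```python
import ipaddress
from collections import namedtuple
from itertools import product

# Constructed addressing (not from the post); substitute your own networks.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("172.16.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
WEB = "172.16.0.10"    # hypothetical web server in the DMZ
SQL = "192.168.1.20"   # hypothetical SQL Server on the LAN

# dport None matches every port; proto "any" matches every protocol.
Rule = namedtuple("Rule", "action src dst proto dport")

def host(ip):
    return ipaddress.ip_network(ip + "/32")

# Rules are checked top-down for each NEW connection; first match wins.
# Reply traffic is assumed to be handled by stateful connection tracking.
TIGHT = [
    Rule("allow", host(WEB), host(SQL), "tcp", 1433),  # the one hole
    Rule("drop", DMZ, LAN, "any", None),               # rest of DMZ -> LAN
    Rule("allow", DMZ, ANY, "any", None),              # optional Internet access
]
# A common mistake: opening the whole LAN to the whole DMZ.
LOOSE = [Rule("allow", DMZ, LAN, "any", None)]

def decide(policy, src, dst, proto, dport):
    """Return "allow" or "drop" for one connection attempt."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy:
        if (s in r.src and d in r.dst and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "drop"  # implicit default deny

def exposure(policy, srcs, dsts, ports, proto="tcp"):
    """List every probed DMZ -> LAN flow the policy would let through."""
    return sorted((s, d, p) for s, d, p in product(srcs, dsts, ports)
                  if decide(policy, s, d, proto, p) == "allow")

if __name__ == "__main__":
    dmz_hosts = [WEB, "172.16.0.11"]    # web server plus a neighbour
    lan_hosts = [SQL, "192.168.1.50"]   # SQL Server plus a workstation
    ports = [1433, 445, 3389]           # SQL, SMB, RDP
    for name, pol in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, exposure(pol, dmz_hosts, lan_hosts, ports))
```

The same probe matrix can be replayed against the real firewall after each rule change to confirm that only the web-server-to-SQL flow on TCP 1433 is accepted.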
