We help IT Professionals succeed at work.

Placing our Webserver in DMZ

preshomes asked
Last Modified: 2012-08-13
Currently our website is hosted by 3rd Party but we will soon host our own webserver.  I am in the process of purchasing a Sonicwall Pro 3060 firewall and we are in the process of purchasing a server that will be used as our webserver. The website is being managed by a Content Mangement System that is also going to be installed on this same webserver and the CMS uses a SQL Server database also on this same server. I understand what a DMZ is and what it is for although I have never implemented it.  I have read that this server should be a server that is not part of the domain but since the website is being managed by users on the LAN how will I pass these users over to the DMZ to work on this system?  How would I configure my DNS server to point to this DMZ machine that is not apart of the domain so that my users can access it from the LAN?
Watch Question

i'm not sure how the sonicwall works but on my firewall i can give each network a specific security level for lan, wan, and dmz.  the higher levels can access the lower levels. for instance, lan =100, dmz=10, wan=0.  lan can access all, dmz can access wan, but dmz and wan can't access lan and wan can't access dmz, unless it is explicitly defined on the firewall.  if you don't have those security level options, the you will ahve to create specific rules to allow traffic from the lan to the dmz.  

for dns to work ,you need to create a new zone on the dmz server according to the domain name of the website, ie, website.com.  then create a www A record under that zone with the dmz ip address of thta server.  

hope this is a start...


So that I understand correctly.

I have a webserver that is a standalone server (Workgroup) .  I need to install DNS and create the www A record on this server under the website.com zone.  Now that I have created this how does my LAN Servers with Active Direcory & DNS installed locate the server in the DMZ?  What record do I add in the DNS on the LAN AD side?
This one is on us!
(Get your first solution completely free - no credit card required)


Ok. That makes perfect sense. Your statement "you need to create a new zone on the dmz server " confused me and now I am on the same page.  I have actually done what you described before just not for a standalone computer in a DMZ.
yea, sorry about that, i think i meant to say "for" not "on" the dmz server.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.