preshomes

Placing our Webserver in DMZ

Currently our website is hosted by 3rd Party but we will soon host our own webserver. I am in the process of purchasing a Sonicwall Pro 3060 firewall and we are in the process of purchasing a server that will be used as our webserver. The website is being managed by a Content Management System that is also going to be installed on this same webserver and the CMS uses a SQL Server database also on this same server. I understand what a DMZ is and what it is for although I have never implemented it. I have read that this server should be a server that is not part of the domain but since the website is being managed by users on the LAN how will I pass these users over to the DMZ to work on this system? How would I configure my DNS server to point to this DMZ machine that is not a part of the domain so that my users can access it from the LAN?
martonejd

i'm not sure how the sonicwall works but on my firewall i can give each network a specific security level for lan, wan, and dmz. the higher levels can access the lower levels. for instance, lan=100, dmz=10, wan=0. lan can access all, dmz can access wan, but dmz and wan can't access lan and wan can't access dmz, unless it is explicitly defined on the firewall. if you don't have those security level options, then you will have to create specific rules to allow traffic from the lan to the dmz.

for dns to work, you need to create a new zone on the dmz server according to the domain name of the website, ie, website.com. then create a www A record under that zone with the dmz ip address of that server.

hope this is a start...
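
The security-level model described in the answer above, as an added example that is not part of the original thread and not any firewall vendor's syntax. The `Rule` structure, the port numbers, and the function names are assumptions made for illustration; the levels are the ones quoted in the post.

```python
from dataclasses import dataclass

# Security levels from the post: a higher level may open connections to a lower one.
LEVELS = {"lan": 100, "dmz": 10, "wan": 0}

@dataclass(frozen=True)
class Rule:
    """Explicit allow rule. Hypothetical structure, not any vendor's syntax."""
    src: str
    dst: str
    proto: str
    port: int

# Constructed sample policy: publish only HTTP on the DMZ web server.
RULES = [Rule("wan", "dmz", "tcp", 80)]

def decide(src, dst, proto, port, rules=RULES):
    """Return (allowed, reason) for a new connection from zone src to zone dst."""
    for zone in (src, dst):
        if zone not in LEVELS:
            raise ValueError(f"unknown zone: {zone}")
    if LEVELS[src] > LEVELS[dst]:
        return True, "implicit: higher level to lower level"
    if Rule(src, dst, proto, port) in rules:
        return True, "explicit rule"
    return False, "default deny: no explicit rule"

def exposures(rules):
    """Explicit rules that open a path into a more trusted zone, most trusted first."""
    upward = [r for r in rules if LEVELS[r.src] < LEVELS[r.dst]]
    return sorted(upward, key=lambda r: LEVELS[r.dst], reverse=True)

if __name__ == "__main__":
    # Constructed sample flows covering each direction between the three zones.
    flows = [("lan", "dmz", "tcp", 80), ("dmz", "wan", "udp", 53),
             ("wan", "dmz", "tcp", 80), ("wan", "dmz", "tcp", 1433),
             ("dmz", "lan", "tcp", 445)]
    for flow in flows:
        print(flow, decide(*flow))
    print("review:", exposures(RULES))
```

`exposures` lists the explicit exceptions worth reviewing first, since every rule it returns lets a less trusted zone reach a more trusted one.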
preshomes

ASKER

So that I understand correctly.

I have a webserver that is a standalone server (Workgroup). I need to install DNS and create the www A record on this server under the website.com zone. Now that I have created this how do my LAN Servers with Active Directory & DNS installed locate the server in the DMZ? What record do I add in the DNS on the LAN AD side?
ASKER CERTIFIED SOLUTION
martonejd

This solution is only available to members.
Ok. That makes perfect sense. Your statement "you need to create a new zone on the dmz server " confused me and now I am on the same page.  I have actually done what you described before just not for a standalone computer in a DMZ.
yea, sorry about that, i think i meant to say "for" not "on" the dmz server.