SQL 2008 Replication to DMZ Security

Last Modified: 2012-12-05
I have 2 SQL Server 2008 servers. One located in an internal domain and the other located in a DMZ facing the internet. The one in the domain is replicating one-way to the SQL server in the DMZ.

In order for them to talk to each other I have to open a port on the firewall and also had to create a persistent route locally on each server to get them to talk to each other.

This leaves a big security hole I think. Because if someone was able to take over the server in the DMZ then they would have complete access to the server in the domain.

How can I do one-way replication in a secure way?

Commented:
Hi junglecom-

You should not need to have the persistent route; the default route on the servers should be sufficient. If you do, you could use NAT and NAT the inside SQL server to an IP address on the DMZ so the DMZ SQL server wouldn't have to know anything about where the inside server is.
To force the replication to only work from the inside to the DMZ you could restrict the SQL traffic from the DMZ to the inside using the established keyword at the end of the ACL. This would only allow traffic from the DMZ to the inside that is a response to traffic that originated from the inside.

Let us know if you need any help setting this up.

-t
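
The filtering rule described in the answer above, modelled in Python as an added example that is not part of the original thread. The addresses, the port (1433, SQL Server's default) and the function names are assumptions, and the `established` match is modelled as the classic stateless check for the ACK or RST bit, since the thread names no firewall product.

```python
from dataclasses import dataclass

# Constructed values: the thread gives no addresses or port number.
INSIDE_SQL = "10.0.0.10"   # publisher on the internal domain
DMZ_SQL = "192.0.2.10"     # subscriber in the DMZ
SQL_PORT = 1433            # SQL Server default TCP port (assumed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

def is_established(p):
    # Stateless "established" match: ACK or RST is set. It inspects
    # flags only and keeps no connection table.
    return bool(p.flags & {"ACK", "RST"})

def dmz_to_inside(p):
    """ACL applied to traffic entering the inside network from the DMZ."""
    if (p.src == DMZ_SQL and p.sport == SQL_PORT
            and p.dst == INSIDE_SQL and is_established(p)):
        return "permit"   # reply to a session the inside server opened
    return "deny"         # implicit deny, including any new SYN from the DMZ

def inside_to_dmz(p):
    """ACL applied to traffic leaving the inside network toward the DMZ."""
    if p.src == INSIDE_SQL and p.dst == DMZ_SQL and p.dport == SQL_PORT:
        return "permit"
    return "deny"

def replication_handshake():
    """Inside server pushes to the DMZ: SYN out, SYN-ACK back, ACK out."""
    return [
        inside_to_dmz(pkt(INSIDE_SQL, 50000, DMZ_SQL, SQL_PORT, "SYN")),
        dmz_to_inside(pkt(DMZ_SQL, SQL_PORT, INSIDE_SQL, 50000, "SYN", "ACK")),
        inside_to_dmz(pkt(INSIDE_SQL, 50000, DMZ_SQL, SQL_PORT, "ACK")),
    ]

def dmz_initiated():
    """DMZ server tries to open its own connection to the inside SQL port."""
    return dmz_to_inside(pkt(DMZ_SQL, 50001, INSIDE_SQL, SQL_PORT, "SYN"))
```

Because the match looks only at TCP flags, a firewall with stateful inspection enforces the same one-way policy more strictly than this keyword does.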


Author

Commented:
I just started on ISA so I would LOVE your help.