

SQL 2008 Replication to DMZ Security

Posted on 2009-02-09
Last Modified: 2012-12-05
I have 2 SQL Server 2008 servers. One located in an internal domain and the other located in a DMZ facing the internet. The one in the domain is replicating one-way to the SQL server in the DMZ.

In order for them to talk to each other I have to open a port on the firewall and also had to create a persistent route locally on each server to get them to talk to each other.

This leaves a big security hole I think. Because if someone was able to take over the server in the DMZ then they would have complete access to the server in the domain.

How can I do one-way replication in a secure way?
Question by:junglecom

Accepted Solution

decoleur earned 2000 total points
ID: 23596575
Hi junglecom-

You should not need to have the persistent route; the default route on the servers should be sufficient. If you do, you could use NAT and NAT the inside SQL server to an IP address on the DMZ so the DMZ SQL server wouldn't have to know anything about where the inside server is.
To force the replication to only work from the inside to the DMZ, you could restrict the SQL traffic from the DMZ to the inside using the established keyword at the end of the ACL. This would only allow traffic from the DMZ to the inside that is a response to traffic that originated from the inside.

Let us know if you need any help setting this up.
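
The effect of the `established` keyword described in the answer above, modelled in Python as an added example that is not part of the original thread. It assumes Cisco IOS-style ACL semantics (first match wins, implicit deny at the end, `established` matching TCP segments with ACK or RST set); the addresses and port 1433 are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

INSIDE_SQL = "10.0.0.10"   # assumed address of the internal publisher
DMZ_SQL = "192.0.2.10"     # assumed address of the DMZ subscriber
SQL_PORT = 1433            # assumed default-instance SQL Server port

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset       # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str = "any"
    sport: Optional[int] = None
    dst: str = "any"
    dport: Optional[int] = None
    established: bool = False

    def matches(self, s: Segment) -> bool:
        if self.src not in ("any", s.src) or self.dst not in ("any", s.dst):
            return False
        if self.sport not in (None, s.sport) or self.dport not in (None, s.dport):
            return False
        # "established" is a flag test (ACK or RST set), not connection tracking
        return not self.established or bool(s.flags & {"ACK", "RST"})

def evaluate(acl, seg: Segment) -> str:
    """First matching rule wins; fall through to the implicit deny."""
    return next((r.action for r in acl if r.matches(seg)), "deny")

# ACL applied to traffic arriving from the DMZ and heading inside
DMZ_TO_INSIDE = [
    Rule("permit", src=DMZ_SQL, sport=SQL_PORT, dst=INSIDE_SQL, established=True),
    Rule("deny"),
]

def seg(src, sport, dst, dport, *flags):
    return Segment(src, sport, dst, dport, frozenset(flags))

# Constructed sample traffic as seen on the DMZ-facing interface
REPLY = seg(DMZ_SQL, SQL_PORT, INSIDE_SQL, 50123, "SYN", "ACK")  # answer to inside's SYN
DATA = seg(DMZ_SQL, SQL_PORT, INSIDE_SQL, 50123, "ACK", "PSH")   # later reply traffic
NEW_CONN = seg(DMZ_SQL, 50999, INSIDE_SQL, SQL_PORT, "SYN")      # DMZ-initiated connection
```

`evaluate(DMZ_TO_INSIDE, NEW_CONN)` returns `"deny"` while the two reply segments are permitted. Because the match is on TCP flags alone, a firewall that offers stateful inspection gives a stricter version of the same one-way rule.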


Author Comment

ID: 23616410
I just started on ISA so I would LOVE your help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question