• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 686
  • Last Modified:

Best practice in updating the server in DMZ

Hi All,

I've got several DMZ Windows server that I'd like to know how to update them, it is serving as terminal server and the webserver with only port 443 and 80 & 8080 opened to the internet with port 1521 for database connection.

I do have WSUS in place and already working fine in the internal domain, how do people usually do their patching for the DMZ servers ?

Any idea would be greatly appreciated.

  • 2
2 Solutions
What constraints do you have regarding network security?  Do you control the network or only servers?  What is company policy about DMZ and Inside zones interaction?

You could open the needed ports from the inside to the DMZ, only for the WSUS server.

Or, for only a handful, it might be easier to do manually.
jjozAuthor Commented:
yes, that is what I'm thinking of opening that port 8530.

the policy is that this terminal access server is the interface for the 3rd party consultant and user to perform some task into our system only.
If there's no restriction on allowing 8530 between Inside and DMZ, I think best practice would be to use your existing management strategy for DMZ servers just like internal servers.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now