[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 431
  • Last Modified:

Setting up Web Server and SQL using DMZ

So I have to set up a Web server with a SQL server. I want to set up the Web server in the DMZ and have the SQL remain in the LAN. I was going to do this.

Internet-------Firewall-------Webserver(DMZ)----------Firewall----------SQL Server(LAN)
                   allow port 80                                         block port 80
                   block port 1433                                     allow port 1433

Users in the LAN also need to access the Webserver in the DMZ plus admins will need to be able to access the webserver,
My question....If I allow services needed from LAN to DMZ will that be safe enough? Does my setup sound right? I know its not going to be perfect but I want it to be as good as I can.
Also, we are using a Sonicwall firewall.

1 Solution
This is a pretty standard setup.   Nothing really wrong from a design perspective.  

Keeping your SQL server off the public internet is good.   You normally wouldn't allow any public traffic into the LAN, only into the DMZ.  So having the SQL inside is ok.  

Just make sure you have the webserver hardened against attack and you're in good shape .  

Thats my 2 cents.
clynch302Author Commented:

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now