Setting up Web Server and SQL using DMZ

Posted on 2011-10-26
Last Modified: 2012-05-12
So I have to set up a Web server with a SQL server. I want to set up the Web server in the DMZ and have the SQL remain in the LAN. I was going to do this.

Internet-------Firewall-------Webserver(DMZ)----------Firewall----------SQL Server(LAN)
                   allow port 80                                         block port 80
                   block port 1433                                     allow port 1433

Users in the LAN also need to access the Webserver in the DMZ plus admins will need to be able to access the webserver,
My question....If I allow services needed from LAN to DMZ will that be safe enough? Does my setup sound right? I know its not going to be perfect but I want it to be as good as I can.
Also, we are using a Sonicwall firewall.

Question by:clynch302
    LVL 33

    Accepted Solution

    This is a pretty standard setup.   Nothing really wrong from a design perspective.  

    Keeping your SQL server off the public internet is good.   You normally wouldn't allow any public traffic into the LAN, only into the DMZ.  So having the SQL inside is ok.  

    Just make sure you have the webserver hardened against attack and you're in good shape .  

    Thats my 2 cents.

    Author Closing Comment


    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Suggested Solutions

    Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now