• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 433
  • Last Modified:

Setting up Web Server and SQL using DMZ

So I have to set up a Web server with a SQL server. I want to set up the Web server in the DMZ and have the SQL remain in the LAN. I was going to do this.

Internet-------Firewall-------Webserver(DMZ)----------Firewall----------SQL Server(LAN)
                   allow port 80                                         block port 80
                   block port 1433                                     allow port 1433

Users in the LAN also need to access the Webserver in the DMZ plus admins will need to be able to access the webserver,
My question....If I allow services needed from LAN to DMZ will that be safe enough? Does my setup sound right? I know its not going to be perfect but I want it to be as good as I can.
Also, we are using a Sonicwall firewall.

1 Solution
This is a pretty standard setup.   Nothing really wrong from a design perspective.  

Keeping your SQL server off the public internet is good.   You normally wouldn't allow any public traffic into the LAN, only into the DMZ.  So having the SQL inside is ok.  

Just make sure you have the webserver hardened against attack and you're in good shape .  

Thats my 2 cents.
clynch302Author Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now