Solved

Accessing Servers on the Firewall DMZ from the Internal Network

Posted on 2014-11-12
3
205 Views
Last Modified: 2014-12-26
We have an FTP server on the DMZ of our firewall.
External access is available from selected FTP clients on the Internet.
Internal access is available from FTP clients on the Internal network.

My questions are these:

Is it possible to enable greater Internal Access to the FTP Server host without compromising security? For example could the file system of the FTP Server Host (a Windows Box) be shared by Windows clients on the Internal network? If this is not the best (most secure?) way of accessing the server, what alternatives are there and what are their Pros and Cons? In essence, what is the normal way that connectivity is maintained between servers on the DMZ and internal networks?
0
Comment
Question by:ajmcqueen
3 Comments
 
LVL 21

Accepted Solution

by:
eeRoot earned 500 total points
Comment Utility
Depending on your firewall, you may be able to set up a VPN tunnel on the internal -> DMZ interface so that approved users can connect to the DMZ when they need to, but not be connected all the time.  Alternatively, you can identify what TCP & UDP ports are needed for the server management, and open those ports.  It does pose a risk though, if your internal PC's become infected by a virus or hacked, the DMZ will then be reachable by one of these threats.

Another option is to set up a utility DMZ that is used for management of the other DMZ's.  Backups, file transfers, and other IT tasks could be performed by a few servers in the utility DMZ, with firewall rules allowing the mgmt servers access to the existing DMZ, and IT admins accessing the mgmt DMZ via a VPN tunnel.  This is a lot of work to set up, but it gives you a "double hop" between your internal network and DMZ, so that viruses & hackers that get into one segment of you netowrk, will have a harder time getting into the other.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now