Solved

Accessing Servers on the Firewall DMZ from the Internal Network

Posted on 2014-11-12
Last Modified: 2014-12-26
We have an FTP server on the DMZ of our firewall.
External access is available from selected FTP clients on the Internet.
Internal access is available from FTP clients on the Internal network.

My questions are these:

Is it possible to enable greater Internal Access to the FTP Server host without compromising security? For example could the file system of the FTP Server Host (a Windows Box) be shared by Windows clients on the Internal network? If this is not the best (most secure?) way of accessing the server, what alternatives are there and what are their Pros and Cons? In essence, what is the normal way that connectivity is maintained between servers on the DMZ and internal networks?
Question by: ajmcqueen
Accepted Solution

by: eeRoot (LVL 22), earned 500 total points
ID: 40439074
Depending on your firewall, you may be able to set up a VPN tunnel on the internal -> DMZ interface so that approved users can connect to the DMZ when they need to, but not be connected all the time. Alternatively, you can identify what TCP & UDP ports are needed for the server management, and open those ports. It does pose a risk, though: if your internal PCs become infected by a virus or hacked, the DMZ will then be reachable by one of these threats.

Another option is to set up a utility DMZ that is used for management of the other DMZs. Backups, file transfers, and other IT tasks could be performed by a few servers in the utility DMZ, with firewall rules allowing the mgmt servers access to the existing DMZ, and IT admins accessing the mgmt DMZ via a VPN tunnel. This is a lot of work to set up, but it gives you a "double hop" between your internal network and DMZ, so that viruses & hackers that get into one segment of your network will have a harder time getting into the other.
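The three designs in the accepted answer (open the DMZ to the whole internal network, open only the ports the FTP service needs, and the utility/management DMZ "double hop") written out as a zone-based, first-match firewall policy and evaluated against sample flows. This is an added example, not code from the original thread or from any firewall vendor. The zone names, the admin workstation subnet 10.0.9.0/24, the passive-mode FTP data range 50000-50100, the management ports probed, and the Flow/Rule/evaluate/exposed_ports helpers are all assumptions made for the illustration.

```python
"""Zone-based firewall policy model (added example; all names and ranges assumed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str            # "tcp" or "udp"
    dport: int
    src_ip: str = "0.0.0.0"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                          # "tcp", "udp" or "any"
    dports: Optional[Tuple[int, int]]   # inclusive port range; None = any port
    action: str                         # "allow" or "deny"
    src_net: str = "0.0.0.0/0"          # optional source restriction

    def matches(self, f: Flow) -> bool:
        if (self.src_zone, self.dst_zone) != (f.src_zone, f.dst_zone):
            return False
        if self.proto != "any" and self.proto != f.proto:
            return False
        if self.dports is not None and not (self.dports[0] <= f.dport <= self.dports[1]):
            return False
        return ip_address(f.src_ip) in ip_network(self.src_net)


def evaluate(rules: List[Rule], f: Flow) -> str:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(f):
            return r.action
    return "deny"


def exposed_ports(rules: List[Rule], src_zone: str, dst_zone: str,
                  probe: List[Tuple[str, int]], src_ip: str = "0.0.0.0") -> List[Tuple[str, int]]:
    """Blast-radius check: which probed (proto, port) pairs a host in src_zone can
    reach in dst_zone. Answers "if an internal PC is compromised, what on the DMZ
    can it touch?" for a given rule set."""
    return sorted(p for p in probe
                  if evaluate(rules, Flow(src_zone, dst_zone, p[0], p[1], src_ip)) == "allow")


# Assumed port numbers. Passive-mode FTP is assumed so that the DMZ host never
# has to open connections back toward the internal network (active mode would).
FTP_CTRL = (21, 21)
FTP_PASV = (50000, 50100)       # assumed passive data range configured on the server
ADMIN_NET = "10.0.9.0/24"       # assumed subnet of the IT admins' workstations

# Windows management/file-sharing ports a compromised internal host would look for.
MGMT_PROBE = [("tcp", 21), ("tcp", 135), ("tcp", 445), ("tcp", 3389), ("tcp", 5985)]

# Design 1 (weak): what sharing the FTP host's file system to internal clients amounts to.
WEAK_INTERNAL_TO_DMZ = [Rule("internal", "dmz", "any", None, "allow")]

# Design 2: open only what the FTP service itself needs.
FTP_ONLY = [
    Rule("internal", "dmz", "tcp", FTP_CTRL, "allow"),
    Rule("internal", "dmz", "tcp", FTP_PASV, "allow"),
]

# Design 3 (double hop): admins reach a utility DMZ over VPN from their own subnet;
# only the utility DMZ may touch the FTP host's management ports; the DMZ never
# initiates toward a more trusted zone. Explicit denies document intent even
# though the default is deny.
DOUBLE_HOP = FTP_ONLY + [
    Rule("internal", "mgmt_dmz", "udp", (500, 500), "allow", src_net=ADMIN_NET),    # IKE
    Rule("internal", "mgmt_dmz", "udp", (4500, 4500), "allow", src_net=ADMIN_NET),  # NAT-T
    Rule("mgmt_dmz", "dmz", "tcp", (445, 445), "allow"),    # backups / file transfer
    Rule("mgmt_dmz", "dmz", "tcp", (3389, 3389), "allow"),  # RDP for admins
    Rule("dmz", "internal", "any", None, "deny"),
    Rule("dmz", "mgmt_dmz", "any", None, "deny"),
]


if __name__ == "__main__":
    for name, rules in [("weak", WEAK_INTERNAL_TO_DMZ), ("ftp-only", FTP_ONLY), ("double-hop", DOUBLE_HOP)]:
        print(f"{name:10s} internal->dmz reachable: {exposed_ports(rules, 'internal', 'dmz', MGMT_PROBE)}")
    print("admin VPN from 10.0.9.5:",
          evaluate(DOUBLE_HOP, Flow("internal", "mgmt_dmz", "udp", 500, "10.0.9.5")))
    print("admin VPN from 10.0.20.5:",
          evaluate(DOUBLE_HOP, Flow("internal", "mgmt_dmz", "udp", 500, "10.0.20.5")))
```

Running the script shows the point of the answer's warning: under the weak rule set every probed management port on the DMZ host is reachable from any internal PC, while under both restricted designs only TCP 21 (and the passive data range) is, and management traffic exists only on the utility-DMZ-to-DMZ hop. The source-subnet restriction on the VPN rules also shows why a VPN "when needed" is narrower than a permanent allow: a compromised host outside the admin subnet cannot even reach the VPN endpoint.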
