Solved

DMZ Configuration

Posted on 2014-12-03
Last Modified: 2014-12-15
Our company needs to have a web server implemented for a small page which will have about 200 users accessing it per day; there will be a SQL database which will be accessed by this website. I was wondering if I can get some ideas here as far as the best network configuration for this scenario.
I'm thinking of creating a DMZ under our SonicWall firewall and having the web server talk to our SQL server via the DMZ. Is this possible, or does the SQL server have to be under the DMZ as well? I have never done this, so I'm sorry for being clueless.
0
Question by:jdff
7 Comments
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40480104
If the SQL server is not in the DMZ, you can put the web server in the DMZ and create firewall rules to only allow the web server to access the SQL port 1433, and I think you may need the client ports 1024-5000. This keeps your web server in the DMZ but allows it to query the SQL server.
0
 

Author Comment

by:jdff
ID: 40480121
Should I join both servers to the internal domain or leave them standalone?
0
 
LVL 37

Expert Comment

by:bbao
ID: 40480122
If the SQL server is dedicated to the web server, you actually do not need to connect the SQL server to any LAN switches and routers; just use a crossover cable to directly connect the SQL and web servers. Of course, essential security configuration on the SQL server is still required just in case of any attack from the web server.
0

 

Author Comment

by:jdff
ID: 40480124
Another question is, should I assign a local IP address for the web server? The SQL server has a local IP address already.
0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40480129
Creating a DMZ is a good idea for the web server. I would not use the crossover cable idea. It would work but limits you for expansion. You may want to access the SQL server from other LAN resources, like your internal workstation via Management Studio, or add another web server in the future as a developer box or something. For this reason I would create the DMZ network, put your web server on it and set up your firewall rules. It will be better in the long run to do this now rather than having to reconfigure things later.
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 500 total points
ID: 40480165
I am all for the DMZ idea: put the web server on the DMZ and assign it a local IP in the DMZ subnet (should be different from the local IP in your trusted network). You will also need to set up a NAT rule on your firewall to forward traffic from the public IP you assign it. If you do decide to join the web server to the domain, you will have to open more ports on your firewall; I would recommend that you don't add it to the domain and leave it as standalone.
0
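
A small model of the rule set the answers above describe (web server in the DMZ allowed to reach only SQL port 1433 on the LAN, plus a NAT forward from the public IP), as an added example that is not from the thread and is not SonicWall syntax. All addresses, rule names and the checked port list are constructed assumptions; `lan_exposure` lists what a compromised web server could still reach on the LAN.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 1918 / RFC 5737), not taken from the thread.
DMZ = ip_network("192.168.50.0/24")   # DMZ subnet, distinct from the LAN
LAN = ip_network("10.0.0.0/24")       # trusted network
WEB = ip_address("192.168.50.10")     # standalone web server in the DMZ
SQL = ip_address("10.0.0.20")         # SQL server on the LAN
PUBLIC = ip_address("203.0.113.10")   # public IP forwarded to the web server
ANY = ip_network("0.0.0.0/0")

# Inbound NAT: (public IP, port) -> internal host. Assumption of this model:
# policy is checked against the translated destination.
NAT = {(PUBLIC, 80): WEB, (PUBLIC, 443): WEB}

# (name, source, destination, TCP ports or None for all, action); first match wins.
# Stateful firewall assumed, so reply traffic needs no rule of its own.
RULES = [
    ("web-to-sql", ip_network(f"{WEB}/32"), ip_network(f"{SQL}/32"), {1433}, "allow"),
    ("dmz-to-lan", DMZ, LAN, None, "deny"),
    ("wan-to-web", ANY, ip_network(f"{WEB}/32"), {80, 443}, "allow"),
    ("default", ANY, ANY, None, "deny"),
]

# Ports a Windows host typically exposes: Kerberos, RPC, LDAP, SMB, SQL, RDP.
CHECK_PORTS = (88, 135, 389, 445, 1433, 3389)

def evaluate(src, dst, port):
    """Return (action, rule name) for a new TCP connection."""
    src, dst = ip_address(src), ip_address(dst)
    dst = NAT.get((dst, port), dst)
    for name, s_net, d_net, ports, action in RULES:
        if src in s_net and dst in d_net and (ports is None or port in ports):
            return action, name
    return "deny", "implicit"

def lan_exposure(src):
    """LAN (host, port) pairs that src may connect to: its reach if compromised."""
    return {(str(h), p) for h in LAN.hosts() for p in CHECK_PORTS
            if evaluate(src, h, p)[0] == "allow"}

if __name__ == "__main__":
    internet = "198.51.100.7"  # constructed outside client
    for flow in [(internet, PUBLIC, 443), (internet, PUBLIC, 1433),
                 (internet, SQL, 1433), (WEB, SQL, 1433), (WEB, SQL, 445)]:
        print(*flow, "->", evaluate(*flow))
    print("web server reach into LAN:", lan_exposure(WEB))
```

Joining the web server to the domain would mean adding allow rules above `dmz-to-lan` for ports such as 88, 389 and 445, and each one widens the set `lan_exposure` returns.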
 

Author Comment

by:jdff
ID: 40480811
Hi lruiz52, but should I add the SQL server to the domain? This SQL server will be solely dedicated to the web server.
0
