Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DMZ Configuration

Posted on 2014-12-03
7
Medium Priority
?
163 Views
Last Modified: 2014-12-15
Our company is in need to have a web server implemented for a small page which will have about 200 users accessing it per day, there will be a sql database in which will be accessed by this website. I was wondering if I can get some ideas in here as far as the best network configuration for this scenario.
I'm thinking to create a DMZ under our Sonicwall firewall and have the web sever talk to our sql server via the DMZ, is this possible or the sql server has to be under the DMZ as well? I never done this so, I'm sorry for being clueless.
0
Comment
Question by:jdff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40480104
If the sql server is not in the dmz you can put the Web server in the dmz and create firewall rules to only allow the webs erver to access the sql ports 1433 and I think you may need the client ports 1024-5000 this keeps your webs erver in the dmz but allows it to query the sql server
0
 

Author Comment

by:jdff
ID: 40480121
Should join both server to the internal domain or leave it stand alone?
0
 
LVL 37

Expert Comment

by:bbao
ID: 40480122
if the SQL server is dedicated for the web server, you actually no need connect the SQL server to any LAN switches and routers, just use a cross-over cable to directly connect the SQL and web server. of course, essential security configuration on the SQL server is still required just in case of any attack from the web server.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:jdff
ID: 40480124
Another question is, should I assign a local ip address for the web server? The SQL server has a local ip address already.
0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40480129
Creating a dmz is a good idea for the Web server. I would not use the cross over cable idea. It would work but limits you for expanstion. You may want to access the sql server from other Lan resources like your internal workstation via management studio. Or add another Web server in the future as a developer box or something. For this reason I would create the dmz network and put your Web server on it and setup your firewall rules. It will be better in the long run to do this bow rather than having to reconfigure things later.
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 1500 total points
ID: 40480165
I am all for the DMZ idea, put the web server on the DMZ, assign it a local ip in the DMZ subnet (should be different from the Local IP in your trusted Network). You will also need to setup a NAT rule on your firewall to forward traffic from the Public IP you assign it. If you do decide to join the web server to the domain, you will have to open more ports on your firewall, I would recommend that you dont add it to the domain and leave it as stand alone.
0
 

Author Comment

by:jdff
ID: 40480811
Hi lruiz52, but should I add the SQl server to the domain? This SQL will be sole dedicated to the web server.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question