Solved

DMZ Configuration

Posted on 2014-12-03
Last Modified: 2014-12-15
Our company needs a web server implemented for a small page which will have about 200 users accessing it per day; there will be a SQL database which will be accessed by this website. I was wondering if I can get some ideas here as far as the best network configuration for this scenario.
I'm thinking of creating a DMZ under our SonicWall firewall and having the web server talk to our SQL server via the DMZ. Is this possible, or does the SQL server have to be under the DMZ as well? I have never done this, so I'm sorry for being clueless.
0
Question by:jdff
7 Comments
 
LVL 6

Expert Comment

by:Thomas Wheeler
ID: 40480104
If the SQL server is not in the DMZ, you can put the web server in the DMZ and create firewall rules to only allow the web server to access the SQL port 1433, and I think you may need the client ports 1024-5000. This keeps your web server in the DMZ but allows it to query the SQL server.
0
 

Author Comment

by:jdff
ID: 40480121
Should I join both servers to the internal domain or leave it standalone?
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 40480122
If the SQL server is dedicated to the web server, you actually do not need to connect the SQL server to any LAN switches and routers; just use a cross-over cable to directly connect the SQL and web server. Of course, essential security configuration on the SQL server is still required just in case of any attack from the web server.
0

 

Author Comment

by:jdff
ID: 40480124
Another question is, should I assign a local IP address for the web server? The SQL server has a local IP address already.
0
 
LVL 6

Expert Comment

by:Thomas Wheeler
ID: 40480129
Creating a DMZ is a good idea for the web server. I would not use the cross-over cable idea. It would work but limits you for expansion. You may want to access the SQL server from other LAN resources like your internal workstation via Management Studio, or add another web server in the future as a developer box or something. For this reason I would create the DMZ network, put your web server on it, and set up your firewall rules. It will be better in the long run to do this now rather than having to reconfigure things later.
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 500 total points
ID: 40480165
I am all for the DMZ idea: put the web server on the DMZ and assign it a local IP in the DMZ subnet (it should be different from the local IP in your trusted network). You will also need to set up a NAT rule on your firewall to forward traffic from the public IP you assign it. If you do decide to join the web server to the domain, you will have to open more ports on your firewall. I would recommend that you don't add it to the domain and leave it as standalone.
0
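The layout discussed in this thread (web server in the DMZ behind a NAT rule, with a DMZ-to-LAN rule limited to SQL port 1433) can be modelled as a first-match ruleset and audited for rules that open the LAN any wider. This Python code is an added example, not part of any poster's answer and not SonicWall syntax; every IP address, the 80/443 web ports, and the names `decide`, `audit` and `LOOSE` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumed; the thread gives no addresses).
LAN = ipaddress.ip_network("10.0.0.0/24")   # trusted network
WEB = "192.168.50.10/32"                     # web server in the DMZ subnet
SQL = "10.0.0.20/32"                         # SQL server on the LAN
ANY = "0.0.0.0/0"

@dataclass
class Rule:
    src: str        # source network (CIDR)
    dst: str        # destination network (CIDR), after NAT
    ports: range    # TCP destination ports
    action: str     # "allow" or "deny"

# First match wins. 80/443 are assumed web ports; 1433 is from the thread.
# Only new connections are modelled; reply traffic is assumed to be stateful.
RULES = [
    Rule(ANY, WEB, range(80, 81), "allow"),
    Rule(ANY, WEB, range(443, 444), "allow"),
    Rule(WEB, SQL, range(1433, 1434), "allow"),
    Rule(ANY, ANY, range(1, 65536), "deny"),    # default deny
]

def decide(src, dst, port, rules=RULES):
    """Return the action of the first rule matching a TCP connection attempt."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and port in r.ports):
            return r.action
    return "deny"

def audit(rules):
    """List allow rules that reach the LAN other than WEB -> SQL on TCP 1433."""
    findings = []
    for r in rules:
        reaches_lan = ipaddress.ip_network(r.dst).overlaps(LAN)
        pinhole = (r.src, r.dst, r.ports) == (WEB, SQL, range(1433, 1434))
        if r.action == "allow" and reaches_lan and not pinhole:
            findings.append(r)
    return findings

# A rule that is easy to add by mistake: the whole DMZ to the whole LAN.
LOOSE = Rule("192.168.50.0/24", "10.0.0.0/24", range(1, 65536), "allow")

if __name__ == "__main__":
    print(decide("192.168.50.10", "10.0.0.20", 1433))
    print(audit([LOOSE] + RULES))
```

Running `audit` against an exported rule list after each firewall change shows whether the DMZ-to-LAN opening is still limited to the single web-to-SQL rule.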
 

Author Comment

by:jdff
ID: 40480811
Hi lruiz52, but should I add the SQL server to the domain? This SQL server will be solely dedicated to the web server.
0
