Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

DMZ Configuration

Posted on 2014-12-03
7
154 Views
Last Modified: 2014-12-15
Our company is in need to have a web server implemented for a small page which will have about 200 users accessing it per day, there will be a sql database in which will be accessed by this website. I was wondering if I can get some ideas in here as far as the best network configuration for this scenario.
I'm thinking to create a DMZ under our Sonicwall firewall and have the web sever talk to our sql server via the DMZ, is this possible or the sql server has to be under the DMZ as well? I never done this so, I'm sorry for being clueless.
0
Comment
Question by:jdff
7 Comments
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40480104
If the sql server is not in the dmz you can put the Web server in the dmz and create firewall rules to only allow the webs erver to access the sql ports 1433 and I think you may need the client ports 1024-5000 this keeps your webs erver in the dmz but allows it to query the sql server
0
 

Author Comment

by:jdff
ID: 40480121
Should join both server to the internal domain or leave it stand alone?
0
 
LVL 37

Expert Comment

by:bbao
ID: 40480122
if the SQL server is dedicated for the web server, you actually no need connect the SQL server to any LAN switches and routers, just use a cross-over cable to directly connect the SQL and web server. of course, essential security configuration on the SQL server is still required just in case of any attack from the web server.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:jdff
ID: 40480124
Another question is, should I assign a local ip address for the web server? The SQL server has a local ip address already.
0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40480129
Creating a dmz is a good idea for the Web server. I would not use the cross over cable idea. It would work but limits you for expanstion. You may want to access the sql server from other Lan resources like your internal workstation via management studio. Or add another Web server in the future as a developer box or something. For this reason I would create the dmz network and put your Web server on it and setup your firewall rules. It will be better in the long run to do this bow rather than having to reconfigure things later.
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 500 total points
ID: 40480165
I am all for the DMZ idea, put the web server on the DMZ, assign it a local ip in the DMZ subnet (should be different from the Local IP in your trusted Network). You will also need to setup a NAT rule on your firewall to forward traffic from the Public IP you assign it. If you do decide to join the web server to the domain, you will have to open more ports on your firewall, I would recommend that you dont add it to the domain and leave it as stand alone.
0
 

Author Comment

by:jdff
ID: 40480811
Hi lruiz52, but should I add the SQl server to the domain? This SQL will be sole dedicated to the web server.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question