Solved

DMZ Configuration

Posted on 2014-12-03
7
148 Views
Last Modified: 2014-12-15
Our company is in need to have a web server implemented for a small page which will have about 200 users accessing it per day, there will be a sql database in which will be accessed by this website. I was wondering if I can get some ideas in here as far as the best network configuration for this scenario.
I'm thinking to create a DMZ under our Sonicwall firewall and have the web sever talk to our sql server via the DMZ, is this possible or the sql server has to be under the DMZ as well? I never done this so, I'm sorry for being clueless.
0
Comment
Question by:jdff
7 Comments
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40480104
If the sql server is not in the dmz you can put the Web server in the dmz and create firewall rules to only allow the webs erver to access the sql ports 1433 and I think you may need the client ports 1024-5000 this keeps your webs erver in the dmz but allows it to query the sql server
0
 

Author Comment

by:jdff
ID: 40480121
Should join both server to the internal domain or leave it stand alone?
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 40480122
if the SQL server is dedicated for the web server, you actually no need connect the SQL server to any LAN switches and routers, just use a cross-over cable to directly connect the SQL and web server. of course, essential security configuration on the SQL server is still required just in case of any attack from the web server.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:jdff
ID: 40480124
Another question is, should I assign a local ip address for the web server? The SQL server has a local ip address already.
0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40480129
Creating a dmz is a good idea for the Web server. I would not use the cross over cable idea. It would work but limits you for expanstion. You may want to access the sql server from other Lan resources like your internal workstation via management studio. Or add another Web server in the future as a developer box or something. For this reason I would create the dmz network and put your Web server on it and setup your firewall rules. It will be better in the long run to do this bow rather than having to reconfigure things later.
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 500 total points
ID: 40480165
I am all for the DMZ idea, put the web server on the DMZ, assign it a local ip in the DMZ subnet (should be different from the Local IP in your trusted Network). You will also need to setup a NAT rule on your firewall to forward traffic from the Public IP you assign it. If you do decide to join the web server to the domain, you will have to open more ports on your firewall, I would recommend that you dont add it to the domain and leave it as stand alone.
0
 

Author Comment

by:jdff
ID: 40480811
Hi lruiz52, but should I add the SQl server to the domain? This SQL will be sole dedicated to the web server.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now