<div>
<div class="content wysiwyg-content">
I am setting up an environment where I have 2 servers. 1 Webserver that will be in the DMZ that requires SQL and HTTPS access to a SQL server that is located on the corp lan. I currently have the webserver on the domain and researched that this was a bad idea due to having to authenticate with an AD server. The forums I saw this on was in 09. Is this still the case or is there a better way to have a DMZ'd webserver with domain access? Does this look right or am I doing this the hard way?<br />
<br />
DMZ gateway 10.10.10.1<br />
WAN&lt;&gt;FIREWALL1(Webserver DMZ WAN 4.4.4.4)&lt;&gt;DMZ SWITCH&lt;&gt;Webserver (internal lan ip 10.10.10.10)<br />
WAN&lt;&gt;FIREWALL1(WAN 6.6.6.6)&lt;&gt;LAN&lt;&gt;SQL server (192.168.1.10)<br />
<br />
Firewall rules on FIREWALL1<br />
Forward 443 to 10.10.10.10 from DMZ, Allow all<br />
Forward 1433 to 10.10.10.10 from dmz, only allow 6.6.6.6<br />
Block all other ports<br />
<br />
Forward 443 and 1433 to 192.168.1.10 on 6.6.6.6<br />
Allow 443 and 1433 only from WAN 4.4.4.4
</div>
</div>


I am setting up an environment where I have 2 servers. 1 Webserver that will be in the DMZ that requires SQL and HTTPS access to a SQL server that is located on the corp lan. I currently have the webserver on the domain and researched that this was a bad idea due to having to authenticate with an AD server. The forums I saw this on was in 09. Is this still the case or is there a better way to have a DMZ'd webserver with domain access? Does this look right or am I doing this the hard way?

DMZ gateway 10.10.10.1
WAN<>FIREWALL1(Webserver DMZ WAN 4.4.4.4)<>DMZ SWITCH<>Webserver (internal lan ip 10.10.10.10)
WAN<>FIREWALL1(WAN 6.6.6.6)<>LAN<>SQL server (192.168.1.10)

Firewall rules on FIREWALL1
Forward 443 to 10.10.10.10 from DMZ, Allow all
Forward 1433 to 10.10.10.10 from dmz, only allow 6.6.6.6
Block all other ports

Forward 443 and 1433 to 192.168.1.10 on 6.6.6.6
Allow 443 and 1433 only from WAN 4.4.4.4

Web Server DMZ and SQL connection configuration.

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Microsoft IIS Web Server

Microsoft SQL Server 2008 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. Major improvements include the  Always On technologies and support for unstructured data types.