Solved

Moving web servers into a DMZ?

Posted on 2016-10-25
3
77 Views
Last Modified: 2016-11-07
We've a pair of load balanced MS Windows 2008 R2 servers setup as a cluster for redundancy running IIS7.5.  And we host about 40 sites and domains.  We're using MS Load Balancer app.

I need to move these sites into a DMZ.  So my first question is do I have to change the ip address on the web servers and assign one from the DMZ subnet?  Or should I just be able to change the ip address of the sites and assign them an address from the DMZ.

I tried doing that today and it didn't work.  It worked fine on the server itself.  But when I try to access the site by ip it can't be found.

Let me  know if you need more info.

Thanks
0
Comment
Question by:mobot
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
Dr. Klahn earned 500 total points
ID: 41859513
Presumably your web servers are now inside your LAN and the firewall has been told to route port 80 traffic to their current IP address.

Then the first step would be to reassign them new static IP addresses inside the DMZ, which you've done.

If the servers host multiple sites, access by IP address might not work correctly.  Virtual hosts are "routed to" internally in the server by the hostname section of the incoming URL.

When you moved the servers into the DMZ, was the firewall told to route port 80 traffic to their new IP address?
0
 

Author Comment

by:mobot
ID: 41864197
I didn't move the actual IIS servers that host the sites into the DMZ.

What I did was add an ip address from the DMZ subnet to the cluster properties.  Then assign that address from the DMZ subnet to a site.  I made the appropriate changes to DNS,  DNS resolves correctly.
I can access the site in IIS Manager on the server.

But from my workstation's browser I can't access the site.

So I'm asking do I need to assign addresses from the DMZ subnet to the IIS servers before I add the sites to the DMZ?

Thanks
0
 

Author Comment

by:mobot
ID: 41872727
Anyone???
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question