Firewall Wizards mailing list archives
Re: dmz question
From: Balázs Nagy <nagy () balazs org>
Date: Sun, 05 Nov 2000 19:20:00 -0700
Ferrari, Martín wrote: > I have the following architecture: INTERNET - FIREWALL - DMZ - > FIREWALL - INTERNAL NETWORK > I can't decide whether to put my application server inside the DMZ > or inside the internal network. The app server will serve all secure content > and has access to the DB server. > If I put the app server inside the DMZ zone and someone breaks into > the DMZ, s/he can have access to my App Server, and besides that, I have to > open a firewall path to my backend database from the DMZ. I would suggest looking at the following: Firewall | | | | +-+-Switch--+------------+ <= VLAN | | ^ ^ | | | | | | | DMZ port | | | DMZ::web ZONE::DBase ZONE port Set up the VLAN so that only DMZ::web can access ZONE::DBase Gurus: please let me know if this won't work. Thanks. -- Cheers, Balázs _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- dmz question Ferrari, Martín (Nov 05)
- Re: dmz question George Capehart (Nov 08)
- Re: dmz question Balázs Nagy (Nov 08)
- Re: dmz question Joe Dauncey (Nov 09)
- <Possible follow-ups>
- RE: dmz question Behm, Jeffrey L. (Nov 06)