Firewall Wizards mailing list archives
Re: dmz question
From: Balázs Nagy <nagy () balazs org>
Date: Sun, 05 Nov 2000 19:20:00 -0700
Ferrari, Martín wrote:
> I have the following architecture: INTERNET - FIREWALL - DMZ -
> FIREWALL - INTERNAL NETWORK
> I can't decide whether to put my application server inside the DMZ
> or inside the internal network. The app server will serve all secure content
> and has access to the DB server.
> If I put the app server inside the DMZ zone and someone breaks into
> the DMZ, s/he can have access to my App Server, and besides that, I have to
> open a firewall path to my backend database from the DMZ.
I would suggest looking at the following:
Firewall
 | |
 | |
 +-+-Switch--+------------+ <= VLAN
             |            |
 ^ ^         |            |
 | |         |            |
 | DMZ port  |            |
 |        DMZ::web   ZONE::DBase
 ZONE port
Set up the VLAN so that only DMZ::web can access ZONE::DBase
Gurus: please let me know if this won't work. Thanks.
--
Cheers,
Balázs
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
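Added example, not part of the original post: a small Python check of the access rule described in the reply above (only DMZ::web may reach ZONE::DBase), modelled as a first-match filter with default deny. The addresses, the database port, the DMZ::other host and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addresses (documentation ranges); zone names follow the post.
HOSTS = {
    "INTERNET":    "198.51.100.7",
    "DMZ::web":    "192.0.2.10",
    "DMZ::other":  "192.0.2.20",   # hypothetical second host in the DMZ
    "ZONE::DBase": "10.0.0.5",
}
DB_PORT = 5432  # assumed database port

def allowed(rules, src, dst, port):
    """First matching rule wins; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (port, None)):   # None = any port
            return action == "permit"
    return False

def web_can_reach_db(rules):
    """The one flow the design is meant to permit."""
    return allowed(rules, HOSTS["DMZ::web"], HOSTS["ZONE::DBase"], DB_PORT)

def db_exposure(rules):
    """Names of hosts other than DMZ::web that can reach the database."""
    db = HOSTS["ZONE::DBase"]
    return sorted(name for name, ip in HOSTS.items()
                  if name not in ("DMZ::web", "ZONE::DBase")
                  and allowed(rules, ip, db, DB_PORT))

# Weak: the whole DMZ subnet is permitted, so any DMZ host reaches the DB.
WEAK = [("permit", "192.0.2.0/24", "10.0.0.5/32", DB_PORT)]
# Tight: only the web host's address, only the database port.
TIGHT = [("permit", "192.0.2.10/32", "10.0.0.5/32", DB_PORT)]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK), ("tight", TIGHT)):
        print(label, "web->db:", web_can_reach_db(rules),
              "others reaching db:", db_exposure(rules))
```

An empty list from db_exposure() together with True from web_can_reach_db() is the state the reply asks for.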
