Re: dmz question
From: Balázs Nagy <nagy () balazs org>
Date: Sun, 05 Nov 2000 19:20:00 -0700
Ferrari, Martín wrote:
> I have the following architecture: INTERNET - FIREWALL - DMZ -
> FIREWALL - INTERNAL NETWORK
> I can't decide whether to put my application server inside the DMZ
> or inside the internal network. The app server will serve all secure content
> and has access to the DB server.
> If I put the app server inside the DMZ zone and someone breaks into
> the DMZ, s/he can have access to my App Server, and besides that, I have to
> open a firewall path to my backend database from the DMZ.
I would suggest looking at the following:
+-+-Switch--+------------+ <= VLAN
^ ^ | |
| | | |
| DMZ port | |
| DMZ::web ZONE::DBase
Set up the VLAN so that only DMZ::web can access ZONE::DBase.
Gurus: please let me know if this won't work. Thanks.
firewall-wizards mailing list
firewall-wizards () nfr com
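
The rule suggested in the reply (only DMZ::web may reach ZONE::DBase) can be checked against a list of permitted flows, as in this added example, which is not part of the original post. It flags any other source that reaches the database and lists the hosts sitting one hop in front of it, which is the exposure the quoted question asks about. The flow tuples, the ports and the DMZ::other host are constructed assumptions.

```python
from collections import deque

# Constructed sample policy: (source, destination, tcp_port).
# DMZ::web and ZONE::DBase are named in the post; DMZ::other and ports are assumed.
GOOD_POLICY = [
    ("INTERNET", "DMZ::web", 443),
    ("INTERNET", "DMZ::other", 25),
    ("DMZ::web", "ZONE::DBase", 5432),
]
BAD_POLICY = GOOD_POLICY + [("DMZ::other", "ZONE::DBase", 5432)]


def direct_violations(policy, protected, allowed_sources):
    """Flows that reach `protected` from a source not in `allowed_sources`."""
    return [f for f in policy if f[1] == protected and f[0] not in allowed_sources]


def paths_to(policy, start, target):
    """All loop-free hop sequences from `start` to `target` (BFS over flows)."""
    edges = {}
    for src, dst, _port in policy:
        edges.setdefault(src, set()).add(dst)
    found, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt in sorted(edges.get(path[-1], ())):
            if nxt in path:
                continue  # skip loops
            if nxt == target:
                found.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return found


def audit(policy, protected="ZONE::DBase", allowed=("DMZ::web",)):
    """Return (violating flows, hosts one hop in front of `protected`)."""
    bad = direct_violations(policy, protected, allowed)
    pivots = sorted({p[-2] for p in paths_to(policy, "INTERNET", protected)})
    return bad, pivots


if __name__ == "__main__":
    for name, pol in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit(pol))
```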