Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

Re: dmz question
From: Balázs Nagy <nagy () balazs org>
Date: Sun, 05 Nov 2000 19:20:00 -0700

Ferrari, Martín wrote:

>    I have the following architecture: INTERNET - FIREWALL - DMZ -
> FIREWALL - INTERNAL NETWORK
>    I can't decide whether to put my application server inside the DMZ
> or inside the internal network. The app server will serve all secure content
> and has access to the DB server.
>    If I put the app server inside the DMZ zone and someone breaks into
> the DMZ, s/he can have access to my App Server, and besides that, I have to
> open a firewall path to my backend database from the DMZ.

I would suggest looking at the following:

Firewall
| |
| |
+-+-Switch--+------------+ <= VLAN
            |            |
^ ^         |            |
| |         |            |
| DMZ port  |            |
|          DMZ::web     ZONE::DBase
ZONE port

Set up the VLAN so that only DMZ::web can access ZONE::DBase


Gurus: please let me know if this won't work. Thanks.
--
Cheers,
        Balázs


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault