Network ports questions

02-07-2006, 01:03 PM

We have an IIS server 6.0/Windows server 2003 sp1 located in the DMZ and
needs to communicate with following servers on the internal network.

A- IIS will be a member of NT domain, on internal network, and needs to be
able to logon to the domain, on internal network, from DMZ

B- IIS needs to authenticate external users accessing it's Web site, against
NT domain on internal network - from DMZ.

A- IIS needs read/write access from DMZ to a MS SQL server 2000, runs on NT
BDC, on Internal network.

What ports should be open at the firewall level to allow these types of
communications IIS on DMZ network to NT domain and SQL server 2000 on
internal network?

Thanks in advance,
Bruno

02-07-2006, 03:05 PM

"Bruno Nemani" <(E-Mail Removed)> wrote in message
news:%23tMN58%(E-Mail Removed)...
> What ports should be open at the firewall level to allow these types of
> communications IIS on DMZ network to NT domain and SQL server 2000 on
> internal network?

Virtually everything you are never supposed to allow. You would be
effectively sticking your LAN out on the Internet uprotected.

Either have the DMZ machine "VPN" back into the LAN to contact the machines
they need to contact,.....OR.....Use ISA's various Publishing features and
put the IIS machines in the LAN instead of the DMZ. You really wouldn't
even need the DMZ anymore and could run the ISA as an "edge" device that
directly faces the Internet.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

02-07-2006, 03:09 PM

Sorry, with all those acronyms in there I thought I saw an ISA.
None-the-less, whatever firewall you use,...use the comparable features in
your firewall to do one of the two things I suggested.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

02-07-2006, 06:28 PM

Hi Philip,
Appreciate your feedback and don't worry about the acronyms.
In fact I am building an internal ISA, back-end firewall, server with a
couple of isolated dmz segments. I am hoping I can move the IIS into a dmz
segment behind the back-end firewall and then create access rules or
publishing rules to make these communication happens.

Thanks again for your feedback,
Bruno

"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> Sorry, with all those acronyms in there I thought I saw an ISA.
> None-the-less, whatever firewall you use,...use the comparable features in
> your firewall to do one of the two things I suggested.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
>

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
problem with dual network ports	tg	Home Networking	4	09-12-2009 09:06 PM
Network Speed Control between Ports	Sandmaneo	Network Routers	3	09-04-2006 06:38 PM
Proper routes for linux machine with two network ports to same network	fuzzybr80@gmail.com	Linux Networking	2	04-07-2006 08:14 PM
How could i build a network using the USB ports?	=?Utf-8?B?bW91ZG1pbg==?=	Windows Networking	1	01-03-2004 03:32 PM
USB port adapter -> Multi USB ports existing ? Extending number of USB ports possible ?	Thomas Jerkins	Windows Networking	1	12-24-2003 01:15 PM