"Kenneth Keeley" wrote in message:
> Hi,
> Can I place a Web Server into a DMZ and then allow only it to access
> other servers that are inside my firewall? I.e. I would like to have the
> outside world only be able to access my web server via port 80 or port 443,
> and not be able to get through my firewall to any other computers. I would
> then like the web server to be able to get to a selected file server for the
> saving of uploaded and valid files, as well as accessing an SQL Server for
> data logging. If I did this I think it would create a very safe internal
> network as only the webserver coming from inside the DMZ would be able to
> access the internal network. Will all of this work? Will a Cisco PIX
> Firewall handle this configuration?

Just to clarify:
A DMZ, per se, requires a firewall between the Internet and the host(s)
in the DMZ and also between the host(s) in the DMZ and the internal net.
This can be done with a single firewall with three NICs or with two
firewalls.
The interior firewall would prevent the web server from accessing
internal hosts (except, for example, the database server over
ports 1433/1434). I would suggest the two-firewall solution, if
possible. Yes, PIX can handle this.
--
Matt Hickman
Then a herd of cattle filled the gate and came flooding
toward him, bawling and snorting. They were prime Hereford
steers, destined to become tender steaks and delicious
roasts for a rich but slightly hungry Earth.
- Robert A. Heinlein (1907-1988)
_Tunnel in the Sky_ (c 1955)
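
The policy discussed in this thread, modelled as an added example (not part of the original posts): a default-deny permit list plus an audit that flags rules letting a non-DMZ source reach the inside, or opening DMZ-to-inside access wider than host-to-host. All addresses and the SMB port for the file server are assumptions; only ports 80, 443, 1433 and 1434 come from the thread. It models new connections arriving from the outside or the DMZ, not return traffic.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; none of it comes from the thread.
DMZ, INSIDE = ip_network("172.16.1.0/24"), ip_network("10.0.0.0/24")
WEB, SQL, FILES = "172.16.1.10/32", "10.0.0.20/32", "10.0.0.30/32"

# Permit rules as (source, destination, protocol, port); anything else is denied.
GOOD = [
    ("0.0.0.0/0", WEB, "tcp", 80),
    ("0.0.0.0/0", WEB, "tcp", 443),
    (WEB, SQL, "tcp", 1433),   # SQL Server
    (WEB, SQL, "udp", 1434),   # SQL Server resolution service
    (WEB, FILES, "tcp", 445),  # assumption: uploads are saved over SMB
]
# The same rule set with two common mistakes added, for comparison.
BAD = GOOD + [
    ("0.0.0.0/0", SQL, "tcp", 1433),      # Internet straight to an inside host
    (str(DMZ), str(INSIDE), "tcp", 445),  # whole DMZ to whole inside network
]

def allowed(rules, src, dst, proto, port):
    """True if a new connection matches any permit rule (default deny)."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(rs) and d in ip_network(rd)
               and proto == rp and port == rport
               for rs, rd, rp, rport in rules)

def audit(rules):
    """Return (reason, rule) pairs for rules that break the DMZ design."""
    findings = []
    for rule in rules:
        src, dst = ip_network(rule[0]), ip_network(rule[1])
        if not dst.overlaps(INSIDE):
            continue  # rule does not reach the internal network
        if not src.subnet_of(DMZ):
            findings.append(("non-DMZ source reaches inside", rule))
        elif src.prefixlen < 32 or dst.prefixlen < 32:
            findings.append(("DMZ-to-inside rule is not host-to-host", rule))
    return findings

if __name__ == "__main__":
    for reason, rule in audit(BAD):
        print(reason, rule)
```
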