Welcome to ISAserver.org

Should a Anonymous DMZ server be a domain member?

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> DMZ >> Should a Anonymous DMZ server be a domain member?

Page: [1]

Message

<< Older Topic Newer Topic >>

Should a Anonymous DMZ server be a domain member? - 9.Mar.2006 10:27:39 PM

PCC

Posts: 185
Joined: 13.Nov.2001
From: Michigan
Status: offline

Should a Anonymous DMZ server be a domain member? Or should it be in a seperate workgroup? If making the server a domain member is OK what firewall rules are necessary for proper communications without opening up any security holes?

Post #: 1

Featured Links*

RE: Should a Anonymous DMZ server be a domain member? - 13.Mar.2006 3:33:13 AM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi PCC,

No domain members should ever be placed in an anonymous access DMZ. Domain members can be placed in authenticated access DMZs.

Check out my DMZ article series on the multiperimeter ISA firewall.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to PCC)

Post #: 2

RE: Should a Anonymous DMZ server be a domain member? - 13.Mar.2006 2:19:04 PM

PCC

Posts: 185
Joined: 13.Nov.2001
From: Michigan
Status: offline

Hi Tom,

Thanks for the reply. That's what I figured (and how I'm set up) but I thought I saw something stating otherwise in one of your articles. But it must have been refering to authenticated a DMZ.

Thanks again.

(in reply to tshinder)

Post #: 3