Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Topology: Web Server that talks with LAN?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Topology: Web Server that talks with LAN? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Topology: Web Server that talks with LAN? - 12.Nov.2007 1:13:26 PM   
charlieit

 

Posts: 83
Joined: 19.Aug.2004
From: US
Status: offline 		Based upon Tom's awesome article:

http://www.isaserver.org/tutorials/Creating-Multiple-Security-Perimeters-Multihomed-ISA-Firewall-Part1.html

I already have a Front-End Exchange Server in an "Authenticated Access DMZ".

My question is where to put a public access web server which needs to communicate with an ERP Server on the "Internal Corperate Network"?  Do I put the web server in the "Anonymous Access DMZ" and then open holes needed to communicate via MS SQL SVR?  OR do I put the web server in the "Internal Corporate Network" and restrict all traffic from the WAN except port 80?

Please let me know your thoughts.

Thank You!

Charlie

Post #: 1
RE: Topology: Web Server that talks with LAN? - 18.Nov.2007 11:45:45 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Charlie,

I'd put it in the anonymous access DMZ, since the initial connection is anonymous.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to charlieit)
Post #: 2
RE: Topology: Web Server that talks with LAN? - 19.Nov.2007 9:33:24 AM   
charlieit

 

Posts: 83
Joined: 19.Aug.2004
From: US
Status: offline 		I was thinking that, but...

...the web app needs to communicate with an MS SQL Server and an ERP System on the LAN.  I would need to punch a couple of holes to allow this communication between the Anonymous Access DMZ and the LAN.

I was afraid doing this might be a big security risk.


(in reply to charlieit)
Post #: 3
RE: Topology: Web Server that talks with LAN? - 19.Nov.2007 10:47:55 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		It is, to a certian extent. But much less so than allowing anonymous connections to your authenticated access DMZ.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to charlieit)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Topology: Web Server that talks with LAN? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts