DMZ or not (web publishing) (Full Version)

All Forums >> [ISA Server 2000 Firewall] >> DMZ


QCumber -> DMZ or not (web publishing) (2.Oct.2003 3:39:00 PM)

Hi there,


I need to add a public facing www server to an existing ISA server setup.

The www server hosts a SQL database and also needs to be accessed by an application server on the internal LAN.

I've spent the last few days reading the (excellent) info on this site, the microsoft site, Tom Shinders book and the Learnkey ISA Server CBT course and all I have to show for it is a headache!

My initial plan was to set up a Tri-homed DMZ configuration with the www server sat in it. But I get the impression there are better ways to do it in ISA server - like using the web publishing facility? Also, I don't think the app server (on the internal 10.x network) would be able to access the www server (on the public 62.x network in the DMZ) or would it?

If I keep the www server on the internal 10.x network can I just use NAT to redirect the incoming public web traffic to the server? I know this would allow the app server to contact the www server without any problems, but I'm concerned about the security aspects.

Any (constructive) suggestions would be greatly received.



Page: [1]