RE: Web and Email servers... to DMZ or not to DMZ

  • From: Barrett Fowler <bfowler@xxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 27 Dec 2001 15:25:20 -0600

Stefaan,

Thanks for the reply. When I said users I was talking about everyone with a
private IP. As far as external users, I will have two types: 1. VPN over
dial-up connections (employees) who will access Exchange and the internal
network, and 2. People who will access the website (80 & 443). Hope this
helps.

-----Original Message-----
From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx]
Sent: Thursday, December 27, 2001 3:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Web and Email servers... to DMZ or not to DMZ


http://www.ISAserver.org


Hi Barrett,

you are talking about very sensitive information on your SQL server and you
want to use the full blown Exchange client. Whatever firewall you choose
this always a tricky problem.

Before I can give you some advice, what is the scope of the user population?
Should those services be available to the general public or only to a very
well defined user population (i.e. internal users who work from the
outside)? Can you elaborate on that?

I ask that question because the full blown Exchange client is not very
firewall friendly at the protocol level. Also, because the webserver need
access to very sensitive information, you'll have to shield that server as
much as possible.

Regards,
Stefaan

-----Original Message-----
From: Barrett Fowler [mailto:bfowler@xxxxxxxxxxxxxx]
Sent: donderdag 27 december 2001 20:08
To: [ISAserver.org Discussion List]
Subject: [isalist] Web and Email servers... to DMZ or not to DMZ


http://www.ISAserver.org


I would just like some advice. I am doing some planning before purchasing
ISA as a firewall/proxy/cache server. I have a webserver and an email
server that I thought I might like to put into a DMZ. The webserver must
make requests to a SQL server, this would violate my internal network
assuming my SQL server is on the internal network. The SQL data is very
sensitive and must remain inside the internal network. Should I just
publish my web and email servers and forget the DMZ? How secure is
publishing compared to a DMZ? I would also like my users to be able to use
the full blown Exchange client. Thanks in advance for all of your help.

Cheers,
Barrett

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bfowler@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: