
Server behind WAF

Hi Guys. Suppose you have a server that needs to communicate internally and also be publicly accessible. For this situation you would create two interfaces for the server, with one interface in the DMZ and the other in the internal network.

So what if you put the server behind a WAF? Will one interface in the internal network be sufficient and be considered secure, since the WAF will be acting as a reverse proxy and would be mapped to the internal interface?

 



  • Hello Mohamed,

    I would not recommend a second leg to the internal net for that server. This almost always weakens the concept of a DMZ.

    Instead you should publish a second DNS-entry for the systems to reach this server from internal. This is called a "split-brain DNS".

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
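
Added example, not part of the original reply: one way to express the split-brain DNS setup described above, assuming BIND 9 as the DNS server (the thread does not name one). The zone name, networks, addresses and file paths are constructed placeholders, and pointing the internal record at the DMZ address is an assumption about the layout.

```conf
// named.conf fragment (BIND 9). All names, networks and paths below are
// constructed placeholders: example.com, 10.10.0.0/16 (internal LAN),
// 172.16.50.10 (server address in the DMZ), 203.0.113.10 (public address
// published through the WAF / reverse proxy).

acl "internal-nets" {
    10.10.0.0/16;
    localhost;
};

// Internal clients are handed the DMZ address and reach the server through
// the firewall, so the server needs no interface in the internal network.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.internal";
        // zone file contains:  www  IN  A  172.16.50.10
    };
};

// All other clients are handed the public address in front of the WAF.
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.external";
        // zone file contains:  www  IN  A  203.0.113.10
    };
};
```

Views are matched in order, so the internal view has to come before the catch-all external view. Querying the same name from a host in each network should return the two different A records.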
