This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Should web servers be in a DMZ?

Just wondering how everyone protects their web servers.

Where I work the web servers were never put in a DMZ, we have a DMZ and use to use NAT to forward to an ISA\TMG server.

We now use Sopjos and have web servers on the LAN and use the WAF to protect these servers. Which include sharepoint web servers and some other custom websites, these all authenticate to an STS token server.

Would it still make sense for me to put these in the DMZ?

If so what's best practice with regards to allowing it access to the Domain? As they would need to access the SQL databases on the internal cluster and AD/DNS.

This thread was automatically locked due to age.

Parents

0 BarryG over 10 years ago

Hi,

I've seen all of those.

I'm using NAT to DMZ at one location, and WAF to Internal at another.

However, if everything was up to me, I would prefer that the Internal server be in a DMZ, with or without WAF.

BTW, if you don't want AD, etc. in your DMZ (for SharePoint), you can create a new DMZ.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 10 years ago

Hi,

I've seen all of those.

I'm using NAT to DMZ at one location, and WAF to Internal at another.

However, if everything was up to me, I would prefer that the Internal server be in a DMZ, with or without WAF.

BTW, if you don't want AD, etc. in your DMZ (for SharePoint), you can create a new DMZ.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data