
Is it standard procedure to allow internal users to access DMZ servers?

cclinton383
Level 1

I have never allowed my internal users to access web-based front-end servers in my DMZ, but it seems a lot of companies are doing this now. So the question is:

Is it standard procedure to allow internal users to access DMZ servers?

3 Replies

abinjola
Cisco Employee

Well, I guess you are the best person to decide that... Moreover, if you really need it, then you can open port 80 by applying an access-list on the inside interface allowing only port 80 to the DMZ, apart from making sure the access-list doesn't block anything else...

Actually, I was hoping to get the Cisco view on whether this is a good standard practice and whether there are any security reasons not to allow internal users direct access to the DMZ servers.

Well, Cisco TAC recommends access rules/permissions that are as narrowed down as possible, not a complete hole in the system... so try to narrow it down to specific hosts and specific services and ports using the access-lists.

access-list abc permit tcp any host <dmz-server-ip> eq 80

access-list abc deny ip any <dmz-network> <dmz-netmask>

access-list abc permit ip any any

access-group abc in interface inside

the above should be good
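The three-line access-list in the reply above depends on first-match ordering, which can be checked offline before the list is applied. The following is an added example, not code from the thread or from Cisco: a small first-match evaluator, assuming the permit targets a single DMZ web server and the deny covers the DMZ subnet (all addresses are constructed documentation ranges).

```python
import ipaddress

# Constructed addresses for illustration (assumptions, not from the thread).
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")   # DMZ subnet
DMZ_WEB = ipaddress.ip_network("192.0.2.10/32")  # DMZ web front end
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules in the order the reply lists them:
# (action, protocol, source, destination, destination port).
# Protocol "ip" matches any protocol; port None matches any port.
ACL_ABC = [
    ("permit", "tcp", ANY, DMZ_WEB, 80),
    ("deny", "ip", ANY, DMZ_NET, None),
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, rule index) of the first matching rule.

    If no rule matches, the implicit deny at the end of the list applies
    and the index is None.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for index, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl):
        if r_proto != "ip" and r_proto != proto:
            continue
        if src_ip not in r_src or dst_ip not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, index
    return "deny", None

# Constructed test flows from an inside host.
FLOWS = [
    ("tcp", "10.1.1.50", "192.0.2.10", 80),    # HTTP to the DMZ web server
    ("tcp", "10.1.1.50", "192.0.2.10", 22),    # SSH to the same server
    ("tcp", "10.1.1.50", "192.0.2.20", 80),    # HTTP to another DMZ host
    ("udp", "10.1.1.50", "198.51.100.7", 53),  # non-DMZ traffic
]

def audit(acl, flows=FLOWS):
    """Map each flow to the action the access-list takes on it."""
    return {flow: evaluate(acl, *flow)[0] for flow in flows}

if __name__ == "__main__":
    for flow, action in audit(ACL_ABC).items():
        print(f"{action:6} {flow}")
```

Running `audit` on a reordered or truncated copy of the list shows the two failure modes the reply hints at: a deny placed above the permit blocks the web server, and a missing final permit blocks all other inside traffic.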
