Simple Firewall Question

Unanswered Question
Apr 10th, 2007

Have routing or other Cisco types of devices gotten to the state where they can actually provide a DMZ with http/s services without physical servers in the DMZ?

Collin Clark Thu, 04/12/2007 - 06:04

Do you mean can they translate to an inside address? They have for years.

smartin0611 Thu, 04/12/2007 - 06:24

Bear with me regarding my naivete. I need to provide secure access from the Internet where HTTP services in the DMZ would trigger other types of processing in the secure network area. Previously, I've seen an HTTP server placed in the DMZ that would trigger the processing on an application server inside the intranet. Does the need for the HTTP server in the DMZ still exist? Thanks.

Collin Clark Thu, 04/12/2007 - 06:43

I'm confused now! Can you give me a more specific example? I'm not sure what you mean by "triggering other types of processing".

smartin0611 Thu, 04/12/2007 - 06:57

For Oracle E-Business Suite, initial connectivity is performed as an HTTP connection. After initial authentication, other types of services (Forms/J2EE/IIOP activity) are started that actually provide a "richer than HTML" user interface experience.

Collin Clark Thu, 04/12/2007 - 07:11

OK, so you want to know if you can have the web server on the inside along with Oracle and other apps and have them all communicate w/o a DMZ? Is that correct?

smartin0611 Thu, 04/12/2007 - 07:26

Exactly. Since some of the software licenses are by CPU, not requiring an additional server in the DMZ lessens our expenses.

Collin Clark Thu, 04/12/2007 - 07:41

Cisco certainly supports it. It was never a feature limitation (that I know of) but more of a security feature/vulnerability.

