Patching Webserver on DMZ

Unanswered Question
Jun 28th, 2007

I would like to know what other companys out there doing to patch servers that's in the DMZ. Do you allow connections between the Webserver in the DMZ to your Internal/Inside SUS? if not, do you have an SUS server on the DMZ that have internet access and collect security updates and push this security updates to the Webserver in the DMZ? i would like to know the best practice.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Fri, 06/29/2007 - 00:46


It is good practice if at all possible to not allow connections from the DMZ into your internal network. Obviously this is not always possible but if you can avoid i you should.

If the SUS server can push updates to the web server in the DMZ that is preferable to the web server contacting the SUS server.

Otherwise as you say you can deploy a SUS server in the DMZ which is then used to update the web server.




This Discussion