Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
1
Replies

Patching Webserver on DMZ

nocret808
Level 1
Level 1

‎06-28-2007 06:50 PM - edited ‎03-11-2019 03:37 AM

I would like to know what other companys out there doing to patch servers that's in the DMZ. Do you allow connections between the Webserver in the DMZ to your Internal/Inside SUS? if not, do you have an SUS server on the DMZ that have internet access and collect security updates and push this security updates to the Webserver in the DMZ? i would like to know the best practice.

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎06-29-2007 12:46 AM

Hi

It is good practice if at all possible to not allow connections from the DMZ into your internal network. Obviously this is not always possible but if you can avoid i you should.

If the SUS server can push updates to the web server in the DMZ that is preferable to the web server contacting the SUS server.

Otherwise as you say you can deploy a SUS server in the DMZ which is then used to update the web server.

HTH

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card