I have 2 x pix515e's to setup. This is for a colo so there are no workstations/users on the lan/secured int. However i do have sql servers that i would like to keep out of the dmz from the web servers.
should i setup the pix with 3 interfaces: 1 outside, 1 dmz, and 1 secure.
i would like traffic from outside to not be allowed into the secured int but there will be several mappings from outside to dmz. also some traffic will need to be allowed to pass from the secured to dmz (can be open) and dmz to secured (this needs to be controlled).
also, these servers are all on the same domain. should i put the domain controller servers in the secured area as well?
any insights appreciated.