Cisco Support Community
Community Member

Patching Webserver on DMZ

I would like to know what other companies out there are doing to patch servers that are in the DMZ. Do you allow connections between the Webserver in the DMZ and your Internal/Inside SUS? If not, do you have an SUS server on the DMZ that has internet access, collects security updates and pushes these security updates to the Webserver in the DMZ? I would like to know the best practice.

1 REPLY
Hall of Fame Super Blue

Re: Patching Webserver on DMZ

Hi

It is good practice, if at all possible, to not allow connections from the DMZ into your internal network. Obviously this is not always possible, but if you can avoid it you should.

If the SUS server can push updates to the web server in the DMZ that is preferable to the web server contacting the SUS server.

Otherwise, as you say, you can deploy a SUS server in the DMZ which is then used to update the web server.

HTH

Jon
