I have 2 servers on the DMZ with the following access list on the DMZ interface of the PIX firewall:
access-list acl_dmz permit tcp any any eq www
access-list acl_dmz permit tcp host V any
access-list acl_dmz permit ip host V any
access-list acl_dmz permit icmp any any
And on the outside, one of the access list entries is:
access-list acl_out permit tcp any host V eq https
As is obvious, my servers can send any TCP or IP traffic through the PIX.
I need to allow HTTPS traffic to V as it is a webserver and needs to be accessible from outside. Also, my webserver communicates with SQL databases located on the inside via JSPs.
So if someone gets into server V in the DMZ via HTTPS, can he also get into the inside network?
Am I right in thinking so? If yes, what do I do to make it more secure?
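
The reachability question above can be checked mechanically. This is an added example, not part of the original post: it evaluates the posted acl_dmz entries first-match against a few flows sourced from V, next to a constructed, narrower list. The names DB and INSIDE_HOST and the port 1433 are assumed placeholders, and only ACL matching is modelled.

```python
# Added example: first-match evaluation of PIX-style ACL entries.
# Handles only "any" / "host X" addresses and "eq PORT"; NAT/static rules
# and stateful return traffic are not modelled.
PORTS = {"www": 80, "https": 443}

def parse(line):
    # access-list NAME permit|deny PROTO SRC DST [eq PORT]
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    addrs = []
    for _ in range(2):  # source, then destination
        if rest[0] == "any":
            addrs.append(None)
            rest = rest[1:]
        elif rest[0] == "host":
            addrs.append(rest[1])
            rest = rest[2:]
        else:
            raise ValueError("unsupported address in: " + line)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return action, proto, addrs[0], addrs[1], port

def evaluate(acl, proto, src, dst, port=None):
    """Return (action, matching entry); first match wins, else implicit deny."""
    for line in acl:
        action, p, s, d, eq = parse(line)
        if p != "ip" and p != proto:
            continue
        if (s and s != src) or (d and d != dst) or (eq and eq != port):
            continue
        return action, line
    return "deny", "implicit deny"

# The acl_dmz entries from the post (V is the post's own placeholder).
ORIGINAL = ["access-list acl_dmz permit tcp any any eq www",
            "access-list acl_dmz permit tcp host V any",
            "access-list acl_dmz permit ip host V any",
            "access-list acl_dmz permit icmp any any"]
# Constructed for comparison: DB and port 1433 are assumed placeholders.
TIGHTENED = ["access-list acl_dmz permit tcp host V host DB eq 1433",
             "access-list acl_dmz deny ip any any"]
FLOWS = [("tcp", "V", "DB", 1433), ("tcp", "V", "INSIDE_HOST", 22),
         ("icmp", "V", "INSIDE_HOST", None)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(ORIGINAL, *flow)[0], evaluate(TIGHTENED, *flow)[0])
```

With the posted entries every listed flow from V is permitted; with the constructed list only the flow to DB on the assumed database port is.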