Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

DMZ a Webserver or allow Access to Internal Web - Web Needs Access to SQL

I'm in the process of putting a new Webserver online and am a bit un sure where I should put it, in the DMZ, or leave it on the Intranet.

The Webserver has Intranet Internal Pages and Public Content. Both of which get most of the content from a SQL Server on the Intranet.

So Whats better, to have the Web on the DMZ and open up the PIX between the Webserver and the SQL Server, or just keep the Webserver on the internal Side of the PIX and have the PIX map though port 80/443 on the Web server?

Any Suggestions, coments, etc. would be appreciated.



Community Member

Re: DMZ a Webserver or allow Access to Internal Web - Web Needs

Well, Scott, as far as I am concerned I would put it in the DMZ.

This simply because this way you have more control of the traffic that comes out of that server and at the same time you protect more your Intranet.

For example, if your server becomes compromised because of some bug of the HTTP Server, it's better for you to have it in the DMZ and let only the SQL traffic pass to the Intranet than to some hacker issuing commands with access to the internal hosts!

That's my suggestion!

Pedro Ferraz

CreatePlease to create content