I want to put a Citrix terminal server on my DMZ that from there will have access to a MSSQL database on the inside network. My question is why is this necessary? Isn't this the same as putting the Citrix on the inside network and just setting up 1 static and 1 ACL for the relative ports? I realize the DMZ is more secure than the internal network, but when I open the ports and set up a static from the DMZ to the inside it seems that I am just essentially adding one more step and more statics to manage. Can someone please elaborate a little more on this?
1. DMZ is less secure than the inside network. That is the concept of DMZ.
2. The reason why you want to put your Citrix server on the DMZ and the MSSQL server on the inside network is that, if somebody breaks into the Citrix server and hence the DMZ, your SQL database is still safe.
3. Through the firewall, you only open ports so that ONLY the Citrix machine can access the SQL server. Host to host and only required ports.
The reason is that traffic will be required to pass through 2 firewall rulesets (called the layer separated model): one to access the Citrix box and one for the Citrix box to connect to the SQL server. Direct access to your local LAN means that if the Citrix box is owned, a potential attacker has access to your entire internal network. It is not essential to do this, but it is a good security practice.
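
An added illustration of the two replies above (not part of the thread, and not Cisco configuration): a small Python model that compares what a compromised Citrix server can reach on the inside network in each placement, and flags dmz-to-inside rules that are wider than host to host. All addresses and the list of inside services are constructed; port 1433 is the MSSQL default.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing and services (assumptions, not from the thread).
INSIDE = ip_network("10.0.0.0/24")
CITRIX_DMZ = ip_address("192.168.10.5")
CITRIX_INSIDE = ip_address("10.0.0.5")
INSIDE_SERVICES = {
    ip_address("10.0.0.20"): {1433},        # MSSQL server, default port
    ip_address("10.0.0.30"): {445, 3389},   # file server
    ip_address("10.0.0.40"): {22, 80},      # intranet host
}

# dmz -> inside ruleset as (source, destination, tcp port); anything else is denied.
DMZ_TO_INSIDE = [
    (ip_network("192.168.10.5/32"), ip_network("10.0.0.20/32"), 1433),
]


def permitted(rules, src, dst, port):
    """True if any rule allows src -> dst on this port."""
    return any(src in s and dst in d and port == p for s, d, p in rules)


def reachable_from(src, rules=DMZ_TO_INSIDE):
    """Inside (host, port) pairs a compromised machine at src can connect to."""
    reach = set()
    for host, ports in INSIDE_SERVICES.items():
        for port in ports:
            # A source on the inside segment never crosses the firewall,
            # so no ruleset stands between it and its neighbours.
            if src in INSIDE or permitted(rules, src, host, port):
                reach.add((str(host), port))
    return reach


def overly_broad(rules):
    """Rules that are not host-to-host (source or destination wider than /32)."""
    return [r for r in rules if r[0].num_addresses > 1 or r[1].num_addresses > 1]


if __name__ == "__main__":
    print("Citrix in DMZ   :", sorted(reachable_from(CITRIX_DMZ)))
    print("Citrix on inside:", sorted(reachable_from(CITRIX_INSIDE)))
    print("Broad rules     :", overly_broad(DMZ_TO_INSIDE))
```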