Best way to secure web server that needs LAN access
I'm new to networking and I need to setup a DMZ zone for my web server on my Sonicwall TZ300W.
I have a web server that hosts (3) websites and (1) web service. 2 of the websites require access to our SQL server that sits on the LAN. Currently, it was setup to port forward and both web server and SQL server are in the LAN zone. What is the most secure way I can setup this configuration?
I'm reading that it is not a good security practice to open up ports for access from the DMZ to the LAN.