Can a web server set up in DMZ access SQL server on LAN?

We're working on setting up a new application that needs a web server (IIS) and a SQL Server.

Local PCs on the LAN will talk to the SQL server normally. Mobile users use the web server to access the app.

My question is, can the web server in DMZ talk to the SQL server (can DMZ server see a LAN server)? If so, how is the DMZ a "safe" place?

Should both SQL and web server be in DMZ and if so, how does that affect access to LAN clients?

Category: Entry Level Firewalls


    e__ne__n

    You can enable access to the SQL Server from a specific host in the DMZ through policy. Depending on your policies and risk profile, it might be a good practice to isolate the SQL Server further from the LAN. If SQL is in the LAN, everything on the LAN will have full access. If it's in a different network, policy can be dictated to define access. You certainly could put the SQL Server in the DMZ - again, depends on your risk profile and internal policies. There may be best practice or guidance for this in your particular industry or line of business.
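A small model of the policy described in the answer above, added here as an illustration and not part of the original thread or any firewall's configuration syntax. It compares the SQL Server on the LAN with the SQL Server in its own network. The zone names, subnets and host addresses are constructed, same-zone traffic is assumed to bypass the firewall policy, and 1433 is the default SQL Server TCP port.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan; zone names, subnets and hosts are assumptions.
ZONES = {"LAN": "192.168.1.0/24", "DMZ": "192.168.50.0/24", "DB": "192.168.60.0/24"}
WEB, OTHER_DMZ, LAN_PC = "192.168.50.10", "192.168.50.11", "192.168.1.30"
SQL_PORT, RDP_PORT = 1433, 3389  # default SQL Server and Remote Desktop TCP ports

def zone_of(ip):
    return next((z for z, net in ZONES.items() if ip_address(ip) in ip_network(net)), "WAN")

def allowed(rules, src, dst, port):
    """Allow rules only; inter-zone traffic with no matching rule is denied."""
    if zone_of(src) == zone_of(dst):
        return True  # same zone: modelled as never reaching the firewall policy
    for r_src, r_dst, r_port in rules:
        if (ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst) and port == r_port):
            return True
    return False

def exposure(sql_ip, rules):
    """Evaluate a few representative flows toward the SQL Server and the LAN."""
    return {
        "web -> sql:1433": allowed(rules, WEB, sql_ip, SQL_PORT),
        "web -> sql:3389": allowed(rules, WEB, sql_ip, RDP_PORT),
        "web -> lan pc:445": allowed(rules, WEB, LAN_PC, 445),
        "other dmz -> sql:1433": allowed(rules, OTHER_DMZ, sql_ip, SQL_PORT),
        "lan pc -> sql:1433": allowed(rules, LAN_PC, sql_ip, SQL_PORT),
        "lan pc -> sql:3389": allowed(rules, LAN_PC, sql_ip, RDP_PORT),
    }

# Placement 1: SQL Server on the LAN, one rule for the DMZ web host only.
SQL_ON_LAN = "192.168.1.20"
LAN_RULES = [(WEB + "/32", SQL_ON_LAN + "/32", SQL_PORT)]

# Placement 2: SQL Server in its own zone, so LAN clients also go through policy.
SQL_IN_DB = "192.168.60.20"
DB_RULES = [(WEB + "/32", SQL_IN_DB + "/32", SQL_PORT),
            (ZONES["LAN"], SQL_IN_DB + "/32", SQL_PORT)]

if __name__ == "__main__":
    for name, ip, rules in (("SQL on LAN", SQL_ON_LAN, LAN_RULES),
                            ("SQL in own zone", SQL_IN_DB, DB_RULES)):
        print(name)
        for flow, ok in exposure(ip, rules).items():
            print(f"  {flow:24} {'allow' if ok else 'deny'}")
```

In both placements the web server reaches only the SQL port and nothing else on the LAN; the difference is that LAN clients can reach every port on the SQL Server in the first placement and only the SQL port in the second.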

