I have a situation where I have a Server, which will host web
content from "Internal" Data to the external world. This Server Needs only
have web services accessible to the outside world beyond our network. Our
current configuration is a Cisco Hardware Nat/Router Packet filter directly
connected to the Internet connection. Connected to that is our MSProx2.0
(Being replaced with ISA Server soon)... One individual wishes to place this
new web server directly behind the NAT alongside the Prox, With a so called
"one way" push only network connection to the internal network. This seems
like a bad idea to me. My suggestion was Place the Web server behind the
prox and use Reverse prox to redirect all web traffic to only this single
internal Web server. This to me seems to be more secure than a second
machine sitting in the DMZ with a connection to the internal network.
I'm new in the Security firewall game so all suggestions and help would be
great... Especial any source's for Best Practices or suggested
configurations. Basically any and all information would be great!
Thanks!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
