Ron,
I have a similar configuration, with a server inside my internal network that needs to be accessed by the web server. Use NAT for your library database and create a rule in your policy to allow your web server to reach the NAT'ed server. Allow whichever services are appropriate for you. Then you may or may not need to add a route to your web server to point to your library database:
route add internal_address gateway
Hope this helps. Good luck.
Regards,
Joaquin
I have a web server with a library application that remote users can use to browse the library catalogue and reserve books. The book titles and availability are kept in a backend database. The problem with the application is that the web server needs to query the database, and this will be done in a pull fashion as opposed to a push. I'd prefer not to have DMZ-initiated traffic coming into my internal network; however, I am stuck with this application and its limitations. The firewall is Check Point FireWall-1. The web server will be placed in a screened subnet and the database in the internal network.
Does anyone have any best-practice ideas on how the risk can be limited? The library database also needs to be accessible and modifiable by internal DBA and library staff, so they want it tied to the production network.
Thanks for any info, pointers, ideas,
Ron