hi ya roy
you dont....
never bring stuff from the outside back inside your lan
do your work/updates on a local staging server..
and release that to the utside dmz
- you already have a backup of all servers on the dmz
- if the webservers create its own local db and stuff
on the fly... keep that backup on the second decicated dmz only
accessbile by that web server that needs its db
c ya
alvin
http://www.Linux-Backup.net
On Tue, 5 Feb 2002 [EMAIL PROTECTED] wrote:
> We have a need to backup servers in the DMZ. We're using Veritas BackupExec
> 8.6 for NT/2000. However, I'm a bit concerned about running the backups
> through the firewall (Sonicwall Pro), just because it's a lot of data that
> possibly could instead go through a separate physical Ethernet network - if
> you all bless it!?
>
> Backup Exec does have the ability to utilize a separate physical Ethernet
> network/sub-net. So long as none of the servers (LAN Backup Server and DMZ
> Web Servers) have TCP/IP forwarding enabled, would it really represent a
> security risk/vulnerability to stick another NIC in the DMZ servers and the
> Backup Server and simply back them up through the separate Ethernet network
> rather than bogging down the firewall with all packets???
>
> Thanks very much!
>
> Roy.
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
