Assuming that you are using a single firewall and single NICs on the Web servers, you may try enabling Netbios on the interface, then creating IPSec rules to allow NBT connectivity only from your trusted LAN - here again I am assuming that the DLT is in your trusted LAN.
A better, yet more expensive scenario is to multihome the Web servers and use 2 firewalls - one between the Internet and the servers public interface without NBT binding, and the other between your trusted LAN and the private side interface with the NBT binding. In this case, your internal FW only allows NBT traffic to initiate from the LAN to the servers in the DMZ, and not the other way around. You can again use IPSec policies on the servers for best control of services available on any interface. A third option, although I have not tried this. If your backup server is a Win2k box, you may be able to use direct hosting of SMB over port 445 rather than enabling NBT on the interface at all. Damon -----Original Message----- From: Sean Richardson [mailto:[EMAIL PROTECTED]] Sent: Monday, February 11, 2002 10:43 AM To: [EMAIL PROTECTED] Subject: Backup for win2k boxes in the DMZ Looking for opinions on the best method to back up Win2K web servers in a DMZ from a single server with a DLT drive. It seams that most backup programs need netbios enabled in order to backup remote machines and would much rather not have this enabled even though it would be blocked at the firewall. Thanks!
