
DMZ question

NInja Black
Level 1

Hi,

I have a DMZ network set up on an ASA5525. The Windows servers in the DMZ are accessible from outside from salesforce.com IP addresses only and from our internal LAN from the inside. These servers need to connect to the SQL servers on the internal LAN.

These Windows servers need periodic Windows updates. How do I configure the DMZ so that the servers can get Windows updates automatically? Also, is the current access from outside and the internal network the most secure way? Please advise.

2 Replies

"Most secure way" is never a fixed value. For even more security you could place your SQL servers in an additional DMZ to also separate them from the rest of the network.

For communication from DMZ to SQL servers: Just allow the relevant ports in the DMZ ACLs.

For allowing Windows updates, I prefer to set up a dedicated WSUS in a DMZ network. All Windows servers connect to the WSUS and don't need their own internet access. If you don't want a WSUS or a dedicated proxy for internet access, you could allow the servers to directly connect to the relevant domains for Windows Update.
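One way to express the rules described in this reply on the ASA, as an added example that is not part of the original thread. All addresses, the object names, the ACL name `DMZ_IN` and the interface name `dmz` are assumptions; TCP 1433 is the default SQL Server port, and 80/443 are what a WSUS server needs to synchronize from Microsoft Update.

```text
! Constructed addressing (assumptions, not from the thread):
!   DMZ 192.168.50.0/24, inside LAN 10.10.10.0/24
object-group network DMZ-WIN-SERVERS
 network-object host 192.168.50.10
 network-object host 192.168.50.11
object network WSUS-DMZ
 host 192.168.50.20
object network SQL-INSIDE
 host 10.10.10.50
object network INSIDE-LAN
 subnet 10.10.10.0 255.255.255.0

! 1. DMZ servers may reach only the SQL listener on the inside host.
access-list DMZ_IN remark DMZ app servers to internal SQL only
access-list DMZ_IN extended permit tcp object-group DMZ-WIN-SERVERS object SQL-INSIDE eq 1433

! 2. Nothing else from the DMZ may reach the inside LAN. This line must sit
!    above any rule with destination "any", or that rule would also match
!    inside addresses.
access-list DMZ_IN remark Block all other DMZ to inside traffic
access-list DMZ_IN extended deny ip any object INSIDE-LAN log

! 3. Only the WSUS host goes out to the internet for update content.
!    The other DMZ servers pull updates from WSUS inside the same segment,
!    so that traffic never crosses the firewall.
access-list DMZ_IN remark WSUS upstream sync
access-list DMZ_IN extended permit tcp object WSUS-DMZ any eq 80
access-list DMZ_IN extended permit tcp object WSUS-DMZ any eq 443

! 4. Explicit deny so dropped attempts are logged (the implicit deny is silent).
access-list DMZ_IN extended deny ip any any log

access-group DMZ_IN in interface dmz
```

Name resolution for the WSUS host needs its own permit rule, placed according to where the resolver lives; it is left out here because the thread does not say which DNS servers are used.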

I guess the security level I have set up is secure enough. Don't want to have another DMZ just for the 1 SQL server we have.

WSUS is what we are looking into right now.

Thanks Karsten.
