Patching Webserver on DMZ
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-28-2007 06:50 PM - edited 03-11-2019 03:37 AM
I would like to know what other companys out there doing to patch servers that's in the DMZ. Do you allow connections between the Webserver in the DMZ to your Internal/Inside SUS? if not, do you have an SUS server on the DMZ that have internet access and collect security updates and push this security updates to the Webserver in the DMZ? i would like to know the best practice.
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-29-2007 12:46 AM
Hi
It is good practice if at all possible to not allow connections from the DMZ into your internal network. Obviously this is not always possible but if you can avoid i you should.
If the SUS server can push updates to the web server in the DMZ that is preferable to the web server contacting the SUS server.
Otherwise as you say you can deploy a SUS server in the DMZ which is then used to update the web server.
HTH
Jon
