Hi Guys,
I'm facing a problem designing my network and hope to get some advice here.
Please find my current design below.
Current design:
        Fortigate Firewall
               | |
           Cisco 3750
          ||        ||
  Cisco 2960      Cisco 2960
  (VLAN 10)       (VLAN 20)
My web server or application server is located in VLAN 10, and my database server is located in VLAN 20.
My web server or application server needs to communicate with my database server all the time (for example, user login, authentication, transaction records, etc.).
In a normal network design, the web server should be placed in the DMZ network because it faces the public (untrusted) network.
The database server should be in the internal (trusted) network.
From my research on the web, the DMZ should not communicate with the internal network (database server) due to security concerns.
In order for the web server (DMZ) to communicate with the database server, what is the best practice for setting up this network?
Should I place the database server in the DMZ network as well?
Looking forward to getting some expert advice.
Appreciate it.
Thanks.