02-04-2002 12:26 PM - edited 03-08-2019 09:44 PM
If I create a DMZ zone, can I place servers from my current NT domain in it and still have logon capabilities and NETBIOS access to these servers? If so, does this require the use of access lists?
02-07-2002 08:23 AM
By allowing NETBIOS between the two networks, you might as well place all the DMZ servers in your internal network. It is really not a good solution. The servers in the DMZ should NOT be a part of your internal NT domain. They should be as isolated as possible and only traffic absolutely required between both networks should be allowed. The stricter you can be, the better. Ideally, no traffic between both networks should occur (but this is not always doable).
02-07-2002 09:11 AM
I need to be able to write data to the server on the dmz from my internal. Is it ok to build this dmz server as part of the same domain as the internal and only allow one way traffic to the dmz or just build the server on the dmz as a separate domain?
02-07-2002 09:20 AM
I am putting all my DMZ servers in their own separate domain with trusts in place that allow only Internal to log onto the DMZ servers but not DMZ to log onto internal. This is in addition to any access lists. The DMZ is not visible in a browse list from internal but is still reachable via various methods. If you HAVE to make the DMZ servers part of the same domain make sure they are NOT domain controllers! By default High security (internal) should always be able to get to low security (DMZ).
02-07-2002 11:11 AM
What trusts would I put in place if the dmz servers were to be part of a different domain? What do you mean by allowing internal servers to log onto the dmz servers? Do you mean just accessing them by means of a mapped drive?
02-07-2002 11:20 AM
You shouldn't trust servers in the DMZ. That is the reason to place them there in the first place. If you need to access these servers, look at protocols like secure FTP or Secure shell.
02-15-2002 08:11 PM
Hi,
If you place a BDC or PDC in the DMZ you will be able to log on from your inside network to the PDC or BDC in the DMZ. For this task you don't need to open any Netbios port.
I will not recommend that you open any port from your DMZ to your Inside.
Hope it helped :)