Creating a DMZ zone with Servers from existing domain

torszula
Level 1

If I create a DMZ zone, can I place servers from my current NT domain in it and still have logon capabilities and NETBIOS access to these servers? If so, does this require the use of access lists?

6 Replies

rrbleeker
Level 1

By allowing NETBIOS between the two networks, you might as well place all the DMZ servers in your internal network. It is really not a good solution. The servers in the DMZ should NOT be a part of your internal NT domain. They should be as isolated as possible, and only traffic absolutely required between both networks should be allowed. The stricter you can be, the better. Ideally, no traffic between both networks should occur (but this is not always doable).

I need to be able to write data to the server on the DMZ from my internal. Is it OK to build this DMZ server as part of the same domain as the internal and only allow one-way traffic to the DMZ, or just build the server on the DMZ as a separate domain?

I am putting all my DMZ servers in their own separate domain with trusts in place that allow only Internal to log onto the DMZ servers but not DMZ to log onto Internal. This is in addition to any access lists. The DMZ is not visible in a browse list from Internal but is still reachable via various methods. If you HAVE to make the DMZ servers part of the same domain, make sure they are NOT domain controllers! By default, high security (internal) should always be able to get to low security (DMZ).

What trusts would I put in place if the DMZ servers were to be part of a different domain? What do you mean by allowing internal servers to log onto the DMZ servers? Do you mean just accessing them by means of a mapped drive?

You shouldn't trust servers in the DMZ. That is the reason to place them there in the first place. If you need to access these servers, look at protocols like secure FTP or Secure Shell.
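As an added example (not from any poster in this thread), this is how the rule discussed above, inside may reach the DMZ but the DMZ never initiates toward the inside, with NetBIOS blocked in both directions and only a secure file-transfer path (SSH/SFTP on TCP 22) permitted, looks as classic PIX-style access lists. The interface names, the address ranges and the DMZ file server address are assumed placeholders; lines starting with `!` are annotations, not configuration.

```text
! Assumed addressing (placeholders for this example):
!   inside  192.168.10.0/24
!   dmz     172.16.1.0/24   (file server 172.16.1.10)

! ACL applied to traffic ARRIVING on the DMZ interface.
! NetBIOS/SMB toward the inside is denied explicitly so each rule keeps its
! own hit counter; the final "deny ip ... log" catches everything else a DMZ
! host tries to start toward the inside and logs it. Anything not matched
! is dropped by the implicit deny at the end of the list.
access-list dmz_in deny udp 172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0 range 137 138 log
access-list dmz_in deny tcp 172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0 eq 139 log
access-list dmz_in deny tcp 172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0 eq 445 log
access-list dmz_in deny ip  172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0 log

! ACL applied to traffic ARRIVING on the inside interface.
! Only the one write path that is actually needed (SFTP/SSH to the file
! server) is allowed into the DMZ; every other inside->DMZ flow, including
! NetBIOS and mapped drives, is denied and logged. The last line keeps the
! inside network's normal outbound access to everything that is not the DMZ.
access-list inside_out permit tcp 192.168.10.0 255.255.255.0 host 172.16.1.10 eq 22
access-list inside_out deny   ip  192.168.10.0 255.255.255.0 172.16.1.0 255.255.255.0 log
access-list inside_out permit ip  192.168.10.0 255.255.255.0 any

access-group dmz_in    in interface dmz
access-group inside_out in interface inside
```

Because stateful inspection allows the return packets of a session permitted by `inside_out`, the DMZ server can answer the SFTP connection without any permit in `dmz_in`. The `log` keywords on the deny lines are what let you see, in syslog, a DMZ host attempting NetBIOS or anything else toward the inside, which is exactly the event you want to notice if that host is ever compromised.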

c.reglat
Level 1

Hi,

If you place a BDC or PDC in the DMZ, you will be able to log on from your inside network to the PDC or BDC in the DMZ. For this task you don't need to open any NetBIOS port.

I will not recommend that you open any port from your DMZ to your inside.

Hope it helped :)