Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [dmz]

In computer security, a DMZ, or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by information technology professionals. It is sometimes referred to as a perimeter network.

In computer security, a DMZ, or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by information technology professionals. It is sometimes referred to as a perimeter network.

The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

204 questions
2
votes
5 answers

SFTP: How to keep data out of the DMZ

We are investigating solutions to the following problem: We have external (Internet) users who need access to sensitive information. We could offer it to them via SFTP which would offer a secure transport method. However, we don't want to maintain…
ChronoFish
  • 155
  • 1
  • 8
2
votes
5 answers

DMZ configuration and firewall throughput

I've been asked to look into placing a firewall between a webserver (Debian/Apache/PHP) in the DMZ and a backend MySQL database to achieve "isolation". Right now, iptables is running on the MySQL server and is only permitting TCP 22 and 3306 for…
WuckaChucka
  • 375
  • 3
  • 8
  • 23
2
votes
1 answer

What's the best method of achieving device isolation in a DMZ?

I have an ADSL connection which has a /29 subnet allocated to it, giving me 6 usable IP addresses. Currently this has a cheap Netgear ADSL router attached, which has a built in switch. There are 3 servers attached, each with a public IP address.…
hmallett
  • 2,455
  • 14
  • 26
2
votes
1 answer

Is it necessary to have DMZ machine or zone on a network?

Is it necessary to have DMZ machine or zone on a network? What reasons are there for having a DMZ machine or zone? If the DMZ zone cannot communicate with the normal network at a site, why have it?
CJ7
  • 653
  • 10
  • 24
2
votes
3 answers

Just LB or also Web Servers in Demilitarized Zone?

In a load balanced environment, is it necessary to have all of the web servers in the DMZ? Or will just having the Load Balancer in the DMZ achieve the desired security? If it matters, the web server and application server are the same -- GF,…
Bradford
  • 295
  • 3
  • 7
2
votes
1 answer

Virtual firewall in existing network DMZ?

A network configuration question from a relative newbie... We have an existing LAN setup, with a hardware firewall (D-Link DIR-655) and a Microsoft Small Business Server (which does the DHCP). We have been assigned multiple Public IPs by our ISP,…
user34128
1
vote
1 answer

A way to configure DMZ zone on Ethernet Mellanox Switch

Can't find any information is it possible at all and how to configure DMZ zone on Mellanox MSN2100 switch. If I setup ACL disabling traffic from DMZ to LAN, I can't receive response to requests made from LAN to DMZ. Is there any way I can do…
Mike
  • 113
  • 4
1
vote
1 answer

Should I use DMZ for a public NextCloud server hosted on a home network?

I would like to set up a small NextCloud installation on a Raspberry Pi 1 Model B+, or something like that, on my home network.I would like it to be accessible from the outside with a DNS of some sort. The idea is to create my private Dropbox.Now…
user543656
1
vote
1 answer

ISA Server: How to troubleshoot DHCP problem?

I've added a DHCP Server to my ISA Server. The purpose of the DHCP server is to provide addresses to a DMZ (on its own interface) for misc computers that need internet access but don't need to be part of the domain (internal) network. I believe I've…
Dane O'Connor
  • 1,269
  • 2
  • 15
  • 20
1
vote
0 answers

access git repository from server in DMZ, accessed through VPN tunnel

My laptop mylaptop has access to a git repo mygitrepo.com. From mylaptop I can access a web server in a DMZ dmzserver through a VPN tunnel. Of course, dmzserver cannot directly access mygitrepo.com. How can I make the dmzserver do git clone/pull…
PDiracDelta
  • 181
  • 3
  • 8
1
vote
1 answer

Dedicated IP for webserver through pfsense and a draytek 2860

We have a leased line which has 8 public IP addresses. This connects to our Draytek 2860 router. From here we have an internal network which we use for our office computers and another network for our datacentre (which hosts a few customer…
user1711657
  • 13
  • 2
1
vote
1 answer

Cisco ASA 5505 - Access to DMZ with one public IP

I am trying to configure my Cisco ASA 5505 firewall to allow access from the internet to DMZ web and mail server. I'm new to the Cisco world so excuse me if this is a newbie question. I know that this subject has been covered on many sites, but most…
Søren Sjøstrøm
  • 11
  • 2
1
vote
1 answer

DMZ - LAN and Webserver

i know that DMZ should contain servers that acts as a middle point between the trusted area like LAN and the other semi or non trusted area like internet or another DMZ. based on this declaration our team has started designing these areas in my…
bogha
  • 235
  • 4
  • 12
1
vote
4 answers

Public IP or Private IP for the DMZ area

Lets say I have three networks in my topology : Internal network, DMZ, Internet. And my DMZ Area contains a lot of servers, but lets say in this example that it contains only a DNS Server and a Web Server. So, should I use public IP addresses or…
Sidahmed
  • 141
  • 1
  • 1
  • 7
1
vote
0 answers

Remote Desktop Jump Using Different Licence Servers

Quick overview of system: I have a business (IT) domain and a process control network (PCN) domain joined via a pair of firewalls and a DMZ (DMZ servers part of PCN domain also). PCN domain servers are 2016. IT is a mix of various workstations and…
RowdyDoc
  • 21
  • 2
1 2 3
13 14