Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [dmz]

In computer security, a DMZ, or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by information technology professionals. It is sometimes referred to as a perimeter network.

In computer security, a DMZ, or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by information technology professionals. It is sometimes referred to as a perimeter network.

The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

204 questions
1
vote
1 answer

Spoofing DNS for another domain within a DMZ

I am setting up a DMZ disconnected from our corporate LAN. I've moved DNS services for the DMZ hosts into the DMZ with a stripped down set of zone info containing only what the DMZ hosts need to know. Some connections need to come back into the LAN…
Server Fault
  • 3,714
  • 12
  • 54
  • 89
1
vote
1 answer

CRM 2013 Internet Facing Deployment (IFD)

For previous CRM IFDs I have placed the CRM Front End server in the DMZ along with an ADFS Proxy and allowed access from the Domain Controller to the CRM Front End through the firewall. This is obviously a security vulnerability. For a new install…
Underscore
  • 113
  • 2
1
vote
1 answer

Error connecting to sql server database when running IIS from DMZ

I've been working on this for a few days now. One of our clients has a 3 tier server plan - an IIS server, an application server (where the Asp.Net MVC3 application is located) and the db server. All servers are Windows Server 2012 R2. Application…
user1666620
  • 121
  • 1
  • 6
1
vote
1 answer

Firewall setup Huawei 4G with DMZ

Network topology: ISP1 | | Alternative ISP 4G | | | Huawei 4G with DMZ | | | to 192.168.2.1 …
Didzis
  • 121
  • 3
1
vote
1 answer

Windows Server 2012 R2 Standard located in our DMZ has problems with connection to RoDC

We had an environment with multiple 2008 R2 DC:s in our internal LAN and a 2008 R2 RoDC:s in our DMZ. We set up 2008 R2 servers in our DMZ and joined them to the domain using DJOIN. Everything working fine, but then we started to set up 2012 R2…
Niclas H
1
vote
3 answers

Is it a good idea to only allows connections to be established in the LAN->DMZ direction?

I'm trying to setup the usual thing, with a DMZ containing servers that can be accessed from the internet, and a LAN that should be as secure as possible. I happen to also have total freedom on the architecture. Given that I want to make my LAN area…
LordOfThePigs
  • 717
  • 1
  • 7
  • 7
1
vote
0 answers

Separating Secure Network and DMZ (nonsecure) in a PCI Compliant Infrastructure

We are setting up a PCI Compliant infrastructure where most of our applications are running in a DMZ (demilitarised zone) that contain no sensitive information. The part that contains sensitive information is secured in a private subnet. We have two…
darksky
  • 135
  • 5
1
vote
1 answer

Proposed Network Design for DMZ with Server Virtualization?

I have the following proposed network design that I will be implementing. All connection for server and PCs are connected through an All in One cisco firewall Only one high end server will be used. The server has two NICs. Virtualization will be…
ericlee
  • 121
  • 1
  • 6
1
vote
1 answer

iptables: Allowing only established outgoing connections like DMZ

I want to simulate a DMZ like scenario where server1(inside DMZ, 10.1.1.0) should be able to respond to any incoming connection and cann't make a new outgoing connection on its own. I would appreciate if someone provides a working example. Example:…
chandank
  • 847
  • 3
  • 14
  • 31
1
vote
1 answer

When moving a server from behind a firewall into a DMZ, should you move a test server first?

We have to move a server from within the firewall to a DMZ (not a true DMZ, but a space that's between 2 firewalls. Is it typically a good idea, when moving a server in this fashion, to stand up another machine with the target IP to test the…
cdeszaq
  • 193
  • 1
  • 8
1
vote
2 answers

how to route external IP to internal without MASQUERADE

Ok, i'm still working on creating a dmz'd http server So now I have an ethernet tunnel using ssh -w 0:0 and I have interfaces on each end which can talk to each other: previous question So now I'm grappling with getting this http server to be…
iamacomputer
  • 161
  • 1
  • 9
1
vote
1 answer

Moving uploaded files through a DMZ

I'm transitioning a web app (runs on LAMP) from a single host to a configuration with the php/apache app running on a public facing server in a DMZ. The app connects to mysql which is sitting in a private network behind the DMZ. My main criteria I…
Stephen
  • 13
  • 3
1
vote
1 answer

DMZ config on RV082 router

We are connecting 2 offices with a dedicated point to point connection. Both offices have the Cisco RV082 router. In both offices, the routers are being used for internet on the WAN1 port. This model has a WAN2 port, which can be configured as…
charnley
  • 577
  • 3
  • 14
1
vote
1 answer

Subversion server behind firewall and Apache reverse proxy exhibits intermittent hanging

Here's my situation: 1) DMZ: I have an self-signed SSL Cert on an Apache server (our bastion host) configured to run as a reverse proxy for 7 other LAN servers (subversion, ldap, jenkins, confluence, jira, mapi, etc). 2) Firewall: Between the DMZ…
Dave
  • 607
  • 1
  • 9
  • 18
1
vote
2 answers

Google Analytics: No stats from DMZ network segment

We need to track hits on a particular page for usage stats, evaluate client need, etc. More specifically we need to track an internal DMZ network segment for hits on this page. Google Analytics displays traffic from other network segments but not…
Bubnoff
  • 415
  • 7
  • 18
1 2 3
13 14