sgoethals
Technical User
- Dec 10, 2008
- 1
Hi Folks,
The company I work for needs to host websites for customers and make connections between IIS and an SQL database. We also have an Exchange and FTP server.
We currently have a CISCO ASA box in place. I have been doing some reading, and from what I have read, it seems that most folks recommend a back-to-back firewall solution with the ASA as the front-end firewall and an ISA as the backend-firewall. Here's where my confusion is.
Where should my webserver, exchange server, and ftp server reside?
1) Internal network and just publish things that are used?
2) DMZ between ISA and ASA?
3) DMZ off from ASA
I want to protect things as much as possible. I would prefer option #1, but as I said, I am concerned about security. If option #1 will work, then what goes in the DMZ (#2 or #3).
Thanks.
The company I work for needs to host websites for customers and make connections between IIS and an SQL database. We also have an Exchange and FTP server.
We currently have a CISCO ASA box in place. I have been doing some reading, and from what I have read, it seems that most folks recommend a back-to-back firewall solution with the ASA as the front-end firewall and an ISA as the backend-firewall. Here's where my confusion is.
Where should my webserver, exchange server, and ftp server reside?
1) Internal network and just publish things that are used?
2) DMZ between ISA and ASA?
3) DMZ off from ASA
I want to protect things as much as possible. I would prefer option #1, but as I said, I am concerned about security. If option #1 will work, then what goes in the DMZ (#2 or #3).
Thanks.