How to setup IIS on DMZ Zone

[jsingh9741]

We are planning on setting up a Web Server so Internet users can access some data from our Database server via the Web Server. The only thing the web server will be doing is relaying information back and forth from the database server to the internet user. I want to setup this server so the internet user can not access the internal network. I understand I need to set it up on a DMZ Zone. We are purchasing a Sonica Wall 200 pro with a DMZ Port. How do I need to connect this. Do I need 2 NIC cards the Web Server and How will I configure it? Also We want to have Exchange Email to access via the Web. It is advisable to load the Exchange the Web Server that sits on the DMZ Zone? Help???

 

[WANguy2k]

I currently have my web server in a DMZ, and am also allowing web access to my Exchange server on my internal network. I'm not sure what a Sonica Wall is, I'm assuming it's some kind of firewall or proxy server. This is the way I have it set up (using a Raptor firewall):

3 interfaces in the firewall: one goes to the internet router, one to the DMZ, one to my internal network. I have the Outlook web product running on my Exchange server (on my internal network) with rules allowing ONLY port 25 and 80 traffic to the Exchange server.

You can also set up rules allowing traffic (on whatever ports your dbase app uses) from the web server to your internal network.

Make sure you restrict access to your internal network to only the IP addresses of the email server and the proxy server, then restrict the ports allowed on your proxy.

Lastly you should implement an ACL (see Cisco.com, look up "access control lists" on your internet router to restrict unwanted traffic.