
Member Server > DMZ Port > Join Domain.


boston33

MIS
Jan 9, 2005
106
US
>We use a Small Business Server 2003 Domain. (The SBS 2003 Server is the Domain Controller.) We use a Sonicwall TZ 170 Firewall Appliance.

-The Small Business Server 2003 IP Scope is from 192.168.0.1 - 192.168.0.50.

>Also, we have a Win 2003 Standard Web Server on the Sonicwall DMZ Port.

-The Web Server has an IP like: 172.31.0.5

I want to join the Web Server (DMZ port) to the SBS 2003 Domain (LAN port). Is there any way to do this? Can I create access rules for certain ports? Do I need to add an additional scope on the Domain Controller? (If I can add it to the domain, I would like to use only the needed access rules/ports from the Web Server to the Domain.)

Thanks.



 
This is extremely bad practice with regard to security. The DMZ is used to isolate machines from your trusted LAN. There are so many ports that need to be opened between the web server and the trusted LAN (Kerberos, RPC, etc.) that your firewall would essentially be Swiss cheese waiting for someone to get into your network. What reasons do you have to want the web server joined to the domain? Under ideal conditions, there should be no traffic going from the DMZ to the trusted uninitiated. This would theoretically prevent hackers from getting into your trusted LAN at all, but ideal conditions are never practical conditions.

Brian
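Added example, not part of either post: a small audit that measures how much a DMZ-to-LAN rule set opens compared with what a domain member needs. The port list is an assumed core subset of the commonly documented Windows Server 2003-era member-to-DC ports, and the rules and the DC address 192.168.0.2 are constructed.

```python
# Assumption: core ports a Windows Server 2003-era member server uses to
# reach a domain controller, as (service, proto, first, last).
REQUIRED = [
    ("DNS", "tcp", 53, 53), ("DNS", "udp", 53, 53),
    ("Kerberos", "tcp", 88, 88), ("Kerberos", "udp", 88, 88),
    ("NTP", "udp", 123, 123),
    ("RPC endpoint mapper", "tcp", 135, 135),
    ("LDAP", "tcp", 389, 389), ("LDAP", "udp", 389, 389),
    ("SMB", "tcp", 445, 445),
    ("RPC dynamic range", "tcp", 1025, 5000),
]

# Constructed sample rules: (source, destination, proto, first, last).
SAMPLE_RULES = [
    ("172.31.0.5", "192.168.0.2", "tcp", 53, 53),
    ("172.31.0.5", "192.168.0.2", "udp", 53, 53),
    ("172.31.0.5", "192.168.0.2", "tcp", 88, 88),
    ("172.31.0.5", "192.168.0.2", "udp", 88, 88),
    ("172.31.0.5", "192.168.0.2", "tcp", 135, 445),  # broad "convenience" rule
    ("172.31.0.5", "192.168.0.2", "tcp", 1025, 5000),
]


def port_set(entries):
    """Expand (proto, first, last) ranges into a set of (proto, port)."""
    return {(p, n) for p, lo, hi in entries for n in range(lo, hi + 1)}


def audit(rules, required=REQUIRED):
    """Compare what the rules open with what domain membership needs."""
    opened = port_set((p, lo, hi) for _, _, p, lo, hi in rules)
    needed = port_set((p, lo, hi) for _, p, lo, hi in required)
    # A service is missing unless every port in its range is opened.
    missing = sorted({f"{svc}/{p}" for svc, p, lo, hi in required
                      if not port_set([(p, lo, hi)]) <= opened})
    return {
        "opened": len(opened),            # distinct proto/port pairs reachable
        "needed": len(needed),            # pairs the member actually requires
        "excess": len(opened - needed),   # open toward the LAN with no need
        "missing": missing,               # services the rules still block
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_RULES).items():
        print(f"{key}: {value}")
```

Even the minimal required set is thousands of ports wide because of the dynamic RPC range, which is the exposure the reply above describes.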
 