Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Network design help

Status
Not open for further replies.
wantagofast

wantagofast

Technical User
Jun 19, 2002
47
US
I am embarking on posting our first company web site. My network setup is this:

internet <- router <- pix <- DC/member ser./term. ser. <- workstations

My questions are: (1)Is hosting the web site on a separate Windows server sufficient or do I need to host the site on a ISA machine? (2)If a Windows server is sufficient without ISA, do I place the server between the router and pix or just behind the pix.

Thanks.

Matt
 
Sort by date Sort by votes
It matters on the equipment and how you want to implement it. First question... what model PIX is it? If it is a 525 or above then it can have more than 2 interfaces and I'd recommend a Inside, Outside and DMZ interface. Then the server would sit in the DMZ area and minimize damage to the LAN if it was compromised.

Putting the server between the router and PIX is called a "poor man's" DMZ. You are still isolating the server from the internal LAN but it is not quite as seucre a being on its own PIX interface. Also you'll need to implement security features in the router to protect the server from the big bad Internet.

As far as the server, it really is all about the amount of traffic. Chances are if you are just putting it up then the Windows server and a "poor man's" DMZ will work fine. But when traffic gets a little heavier I would suggest in upgrading the PIX (if needed) and put it on a PIX DMZ interface.

Let me know if this helps.

Burke
 
Upvote 0 Downvote
Thanks Burke for the response. We are a small company so resources are low. A DMZ would be my first choice but again that requires resources. The pix I am using is a 506 and I believe it only has one interface so I will have to make do with a "poor man's" DMZ.

Thanks again.

Matt
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jobsp90
  • Locked
  • Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
314
DavetheChef
DavetheChef
Luzbel
  • Locked
  • Question
Connecting HVAC controller to network
Replies
0
Views
440
Luzbel
Luzbel
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
568
Jared R
Jared R
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat 1
Replies
1
Views
735
BIS
BIS
bfordz
  • Locked
  • Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
297
bfordz
bfordz

Part and Inventory Search

Sponsor

Back
Top