DMZ and Memberservers

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

We are in the process of redoing our network to implement a DMZ and add a
Cisco PIX firewall to the mix. My question is, what roles should the servers
in the DMZ be? At the moment, our webserver and mailserver are members of
our Win2K AD domain behind a firewall. Once we move these to the DMZ is it
best practices to remove them from the domain and make them standalone
servers?

How are some of you doing this?

Thank you,

Denny
 
Guest

If possible you are best off not having them be members of your AD domain
but keep in mind that may be impossible if they need to use AD to
authenticate AD users. The problem is that to keep them domain members you
need to configure a number of rules in your firewall including dynamic RPC.
Web servers are good candidates for a dmz. The link below will show how you
need to configure a firewall for Active Directory unless you can configure a
tunnel of some sort such as for a persistent VPN connection. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442

"jokes54321" <jokes54321@nospam.com> wrote in message
news:%23AWnE8VYFHA.1796@TK2MSFTNGP15.phx.gbl...
> We are in the process of redoing our network to implement a DMZ and add a
> Cisco PIX firewall to the mix. My question is, what roles should the
> servers in the DMZ be? At the moment, our webserver and mailserver are
> members of our Win2K AD domain behind a firewall. Once we move these to
> the DMZ is it best practices to remove them from the domain and make them
> standalone servers?
>
> How are some of you doing this?
>
> Thank you,
>
> Denny
>
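
To put a number on the firewall cost of keeping DMZ servers as domain members described above, here is an added example (not part of the original posts) that audits a DMZ-to-domain-controller permit list. The port list is an assumed, representative subset of the commonly documented Active Directory ports for Windows 2000-era systems, and the rule sets are constructed sample data.

```python
# Added example (not from the thread). Port list is an assumed, representative
# subset of what a Windows 2000-era domain member needs to reach a DC.
REQUIRED = {
    "DNS": [("tcp", 53, 53), ("udp", 53, 53)],
    "Kerberos": [("tcp", 88, 88), ("udp", 88, 88)],
    "NTP": [("udp", 123, 123)],
    "RPC endpoint mapper": [("tcp", 135, 135)],
    "LDAP": [("tcp", 389, 389), ("udp", 389, 389)],
    "SMB": [("tcp", 445, 445)],
    "RPC dynamic": [("tcp", 1024, 65535)],
}

# Constructed permit list: DMZ host -> internal domain controller.
DOMAIN_MEMBER_RULES = [
    ("tcp", 53, 53), ("udp", 53, 53), ("tcp", 88, 88), ("udp", 88, 88),
    ("udp", 123, 123), ("tcp", 135, 135), ("tcp", 389, 389),
    ("udp", 389, 389), ("tcp", 445, 445), ("tcp", 1024, 65535),
]


def allowed_ports(rules):
    """Expand (proto, low, high) permit rules into a set of ports per protocol."""
    allowed = {"tcp": set(), "udp": set()}
    for proto, low, high in rules:
        allowed[proto].update(range(low, high + 1))
    return allowed


def audit(rules):
    """Report which required services the rules fail to cover and how many
    ports the DMZ host can reach on the DC."""
    allowed = allowed_ports(rules)
    missing = sorted(
        name for name, needs in REQUIRED.items()
        if not all(set(range(lo, hi + 1)) <= allowed[proto]
                   for proto, lo, hi in needs)
    )
    return {"missing": missing,
            "tcp_open": len(allowed["tcp"]),
            "udp_open": len(allowed["udp"])}


if __name__ == "__main__":
    for label, rules in [("domain member", DOMAIN_MEMBER_RULES),
                         ("no dynamic RPC", DOMAIN_MEMBER_RULES[:-1]),
                         ("standalone", [])]:
        print(label, audit(rules))
```

The domain-member rule set leaves 64,517 TCP ports on the domain controller reachable from the DMZ host, almost all of them from the dynamic RPC range, while a standalone server needs none of these openings.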
 
Guest

Also note that Exchange 2003 needs to be in a domain, as I understand it.
In that case, you may be better off using a different email server gateway
product in the DMZ, such as Norton Antivirus for Gateways, which comes free
[or used to] with NAV Corporate Edition with Platinum tech support.


"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:ebtMxkkYFHA.796@TK2MSFTNGP09.phx.gbl...
> If possible you are best off not having them be members of your AD domain
> but keep in mind that may be impossible if they need to use AD to
> authenticate AD users. The problem is that to keep them domain members you
> need to configure a number of rules in your firewall including dynamic RPC.
> Web servers are good candidates for a dmz. The link below will show how you
> need to configure a firewall for Active Directory unless you can configure a
> tunnel of some sort such as for a persistent VPN connection. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442
>
> "jokes54321" <jokes54321@nospam.com> wrote in message
> news:%23AWnE8VYFHA.1796@TK2MSFTNGP15.phx.gbl...
> > We are in the process of redoing our network to implement a DMZ and add a
> > Cisco PIX firewall to the mix. My question is, what roles should the
> > servers in the DMZ be? At the moment, our webserver and mailserver are
> > members of our Win2K AD domain behind a firewall. Once we move these to
> > the DMZ is it best practices to remove them from the domain and make them
> > standalone servers?
> >
> > How are some of you doing this?
> >
> > Thank you,
> >
> > Denny
> >
>
>
 
Guest

I just wanted to thank you both for the info. It is extremely helpful.

Denny

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:ebtMxkkYFHA.796@TK2MSFTNGP09.phx.gbl...
> If possible you are best off not having them be members of your AD domain
> but keep in mind that may be impossible if they need to use AD to
> authenticate AD users. The problem is that to keep them domain members
> you need to configure a number of rules in your firewall including dynamic
> RPC. Web servers are good candidates for a dmz. The link below will show
> how you need to configure a firewall for Active Directory unless you can
> configure a tunnel of some sort such as for a persistent VPN
> connection. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442
>
> "jokes54321" <jokes54321@nospam.com> wrote in message
> news:%23AWnE8VYFHA.1796@TK2MSFTNGP15.phx.gbl...
>> We are in the process of redoing our network to implement a DMZ and add a
>> Cisco PIX firewall to the mix. My question is, what roles should the
>> servers in the DMZ be? At the moment, our webserver and mailserver are
>> members of our Win2K AD domain behind a firewall. Once we move these to
>> the DMZ is it best practices to remove them from the domain and make them
>> standalone servers?
>>
>> How are some of you doing this?
>>
>> Thank you,
>>
>> Denny
>>
>
>
 
