Re: MSSQL Server Gateway



Phillip,
The big picture is described in my first post.
I want a concentrator/gateway for all SQL Server connections from a big
private LAN to a secured private LAN.

why:
- to keep Firewall administration to an absolute minimum
- reduce allowed "clients" to access db servers to one ip
- implement user authentication (optional)

Example:
- Client in private LAN wants data from SQL Server DB in secure private LAN
- Concentrator/Gateway checks if user may access requested DB Server (optional)
- Concentrator/Gateway passes data request (through firewall) to DB Server
- DB Server sends data to concentrator/gateway
- Concentrator/gateway passes data to client.

Hope this puts some light into the darkness.

TIA
Dan




"Phillip Windell" wrote:

"Dan" <Dan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:60ADDBF1-D08D-43E6-A793-633915584F82@xxxxxxxxxxxxxxxx
I don't want to put them between the two networks (will say don't want to
build a second hole in the wall) just in front of the existing firewall.
(In Oracle terms I can say on the client connect db X on server Y via gateway
Z).

The ISA needs to be next to the LAN so it can interact with the DC to be able
to authenticate Users. So you want it *behind* the existing firewall, not in
front of it. You also want the "simplest" firewall with the least complex
configuration at the outer network edge,...the more complex firewall with
the most complex configuration (user authentication and such) goes on the
more inner edge closest to the assets that need protected.

As far as Oracle, God only knows what they mean by that. Instead of
wondering where to stick firewalls,...just give us the "big picture" of what
you actually want to do with the Database Server, then we can tell you what
you can or can't do with ISA in respect to that.

And then lastly, we are all wasting our time if we don't clearly understand
your LAN topology design. Firewalls and Proxies directly affect Topology and
at the same time Topology affects Firewalls and Proxies,...so Topology design
is the most important thing to know above all else.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------




