<snip>
Just my .02....
</snip>

Bill,

Thanks for your response and I think it's worth a hell of a lot more than just .02 ... so look in your mail for the .83 that I am sending as a thank you. I know I am overly generous but I really do appreciate you taking the time.

<snip>
I don't understand a lot of your comments about the 2+2 config.
</snip>

Frankly, I didn't understand a lot of it either, which is why I brought up the question. Most of what I was asking about is based on conflicting information from people that I have talked with. The 2+2 comments were based on one of those conversations. I feel that I only have enough knowledge to be truly dangerous in this area at the moment, and I am working very hard at trying to sort good information from bad.

<snip>
I think the other person you were speaking with is confused about big holes in your firewall.
</snip>

I have come to the conclusion that we were talking apples and oranges. I was only looking at passing mail (as you were as well), while he was thinking about full use of Exchange features to external users through the VPN.

<snip>
The web server should be in the DMZ as should the SQL server IMHO. The SQL server should NOT be accessible from the outside at all. It should only talk to the web server and internal clients. Then open a hole from the inside to the SQL server for the SQL server traffic (port escapes at the moment). And of course open up HTTP and HTTPS from the inside to the DMZ.
</snip>

Did you misspeak or am I just not understanding something? If the SQL server is in the DMZ then isn't it generally accessible to the outside by that very fact? If it is only talking to the web server and the internal machines; and you are opening ports for SQL, HTTP, & HTTPS; shouldn't the SQL server be in the more secure area of the network? Also, this is not an e-commerce site so I don't think there is a call for SSL or HTTPS. Instead SQL is used to generate the .asp pages that make up the site (in fact a transaction server isn't even implemented to my knowledge, but I need to double check on that). In your opinion is there any reason to use SSL on a non-commerce site such as the one that I am talking about?

Finally, thank you for all the suggestions, especially about the stand-alone backup server for the DMZ. I am still in the very first stage of this project and where/how to back up hadn't entered into my mind although it definitely should have.

Mike
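The DMZ layout quoted in the message above, modelled as a default-deny rule table (an added example, not part of the original message or written by either correspondent). The addresses, the SQL port 1433 (the Microsoft SQL Server default, which the quoted text does not name) and the outside-to-web HTTP rule are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; none of these values come from the thread.
ZONES = {
    "inside": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.168.50.0/24"),
}
WEB = ip_address("192.168.50.10")
SQL = ip_address("192.168.50.20")
SQL_PORT = 1433  # assumption: default Microsoft SQL Server TCP port

def zone_of(addr):
    """Map an address to its zone; anything not listed is 'outside'."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"

# (source zone, destination host or None for any host, destination zone, port)
ALLOW = [
    ("outside", WEB, "dmz", 80),       # assumption: public site served over HTTP
    ("inside", None, "dmz", 80),       # HTTP from the inside to the DMZ
    ("inside", None, "dmz", 443),      # HTTPS from the inside to the DMZ
    ("inside", SQL, "dmz", SQL_PORT),  # the "hole" from the inside to the SQL server
]

def permitted(src, dst, port):
    """Default deny: a flow crossing the firewall needs a matching ALLOW entry."""
    src, dst = ip_address(src), ip_address(dst)
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        # Same segment: traffic never crosses the firewall (web <-> SQL in the DMZ).
        return True
    for rule_src, rule_host, rule_dst, rule_port in ALLOW:
        if (src_zone, dst_zone, port) == (rule_src, rule_dst, rule_port) \
                and rule_host in (None, dst):
            return True
    return False

if __name__ == "__main__":
    flows = [("203.0.113.7", str(WEB), 80), ("203.0.113.7", str(SQL), SQL_PORT),
             ("10.0.0.5", str(SQL), SQL_PORT), (str(SQL), "10.0.0.5", 445)]
    for src, dst, port in flows:
        verdict = "allow" if permitted(src, dst, port) else "deny"
        print(f"{src:>15} -> {dst}:{port:<5} {verdict}")
```

In this model, placement in the DMZ only decides which firewall interface a host sits behind; whether the outside can reach it depends on the rule table.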
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:11 PDT