> from: Chris Bipes <chris.bipes@xxxxxxxxxxxxxxx>
> What you missed is my DMZ is accessed from the internet
> through a firewall.  A second firewall separates the internal
> LAN from the DMZ.

That's a popular configuration.

> There is no inbound internet traffic to the internal LAN
> unless it is first processed from a DMZ server.

Good point.  It reinforces my previous comment about two (2) firewalls
defining the boundaries of the DMZ.

> These processed requests are then sent from DMZ server,
> not internet, to iSeries through second firewall.

Good point.  It reinforces my previous assertion about NOT needing to
connect an iSeries directly to the Internet.

> That to me is more secure than putting our transaction server
> with all of our applications and databases, (iSeries), directly
> into the DMZ.

True.  But you're still placing a combination HTTP-Application server in the
DMZ.

Why not place a Web server in the DMZ for public, static content?  But in
the case of a request for a protected application, why not pass it from the
firewall defining the entry point to the DMZ to the firewall defining the
exit point to the DMZ and finally to the OS/400 HTTP Server which is located
in the protected LAN segment?

Nathan M. Andelin
www.relational-data.com
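
The two layouts discussed in this message can be checked against the rule quoted above ("no inbound internet traffic to the internal LAN unless it is first processed from a DMZ server"). The following is an added example, not part of the original post or of either poster's configuration; the host names, ports and rule format are assumptions made for illustration.

```python
# Added example: audits two firewall rule sets against the invariant quoted
# in the thread. Host names, ports and the rule format are assumptions.
from collections import namedtuple

# One rule permits new connections from a source zone to a host and port.
Rule = namedtuple("Rule", "src_zone dst_host dst_port")

# Constructed topology: which zone each (hypothetical) host sits in.
ZONE_OF = {"dmz-web": "dmz", "iseries": "lan"}


def lan_exposure(outer, inner):
    """Return {(origin_zone, host, port)} for every permitted path to a LAN host.

    Internet-originated traffic must be permitted by BOTH firewalls to reach
    the LAN. A DMZ host opens its own connections, which only the inner
    firewall inspects.
    """
    exposed = set()
    for rule in inner:
        if ZONE_OF.get(rule.dst_host) != "lan":
            continue
        if rule.src_zone == "dmz":
            exposed.add(("dmz", rule.dst_host, rule.dst_port))
        elif rule.src_zone == "internet" and rule in outer:
            exposed.add(("internet", rule.dst_host, rule.dst_port))
    return exposed


def internet_reaches_lan(outer, inner):
    """True if any Internet-originated connection can land on a LAN host."""
    return any(origin == "internet" for origin, _, _ in lan_exposure(outer, inner))


# Design 1: DMZ server processes the request, then calls the iSeries itself.
PROXIED_OUTER = [Rule("internet", "dmz-web", 443)]
PROXIED_INNER = [Rule("dmz", "iseries", 8443)]

# Design 2: static content stays in the DMZ; application requests are passed
# through both firewalls to the HTTP server on the LAN.
PASSTHRU_OUTER = [Rule("internet", "dmz-web", 80), Rule("internet", "iseries", 443)]
PASSTHRU_INNER = [Rule("internet", "iseries", 443)]

if __name__ == "__main__":
    for name, outer, inner in (("proxied", PROXIED_OUTER, PROXIED_INNER),
                               ("pass-through", PASSTHRU_OUTER, PASSTHRU_INNER)):
        print(name, sorted(lan_exposure(outer, inner)),
              "internet->LAN:", internet_reaches_lan(outer, inner))
```
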



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
