04-02-2013 08:42 AM
We are in the planning stages of going from 7.5 to 8.0 and we want to enable our remote sales force to use mobile capabilities. We are looking at putting an IIS server in the DMZ and our security team is not thrilled with this idea. Our current understanding is we need to open up ports to let the IIS server communicate back through the firewall to the SQL server on port 1706 using TCP and we also need to open up a couple of other ports for the app server and use UDP. This is where our team has issues.
Do you need to open up a UDP port or can it be configured to use just TCP?
Are there any enhanced security settings that can be put in place to protect this if it needs to use UDP?
If it can only use UDP, what is UDP used for specifically? Is there functionality that can be disabled around this usage, or is it required for base functionality?
Any insights on this are appreciated and will hopefully put our security team's mind at rest.
04-02-2013 09:37 AM
04-02-2013 11:58 AM
What I believe Mike is saying... don't bother w/a DMZ at all. Just add a certificate and open (from the outside to the inside IIS server) port 443 for https.