Wednesday, May 8, 2019

Designing a DMZ

Hi,

I'm currently working in a place where I have to design and implement a simple DMZ. It should redirect traffic coming from Internet to our Odoo server. Basically, this.

For now, the network looks like this with no access from the Internet.

My understanding of networking isn't on point, but I think I have narrowed it down to those options:

  • Add a NIC on the Odoo server and place it inside the DMZ, like this
  • Add a server in the DMZ using a reverse proxy to connect to the Odoo server, like this
  • Add a server in the DMZ used as the Odoo front-end with the database inside the LAN, like this
  • Don't add a DMZ and use the router as reverse proxy to the LAN, like this

I'm looking for the cheapest, yet secure, option. I know the first and last aren't very secure unlike the second option but the price difference here really matters. If any of you could give me your 2 cents on this, I would really appreciate! Thanks



No comments:

Post a Comment