Pull Server for DMZ computers

This topic contains 4 replies, has 3 voices, and was last updated by  Sergei 1 year, 3 months ago.

  • Author
  • #66661

    Andrew Palmer

    Can anyone tell me the best place to place a pull server on a network? Am I wrong in thinking that it would be more secure to keep the pull server in my core network and open up HTTPS to my DMZ clients rather than keeping a separate DMZ pull server in the DMZ to serve DMZ computers?
    I'm thinking if a computer in the DMZ got compromised they could have the potential also get on to the pull server to see all the MOF's of my DMZ servers. I mean I says this is a DMZ but its a zone that is basically servers with specific opened ports to the outside world (HTTPS, FTP, SMTP ETC ETC) not every port.

  • #66697

    Don Jones

    It'd be good to have the pull server behind a firewall, yes. The risks of someone getting to it in a way that lets them see all your MOFs is minimized; you can further protect by not making those a shared folder and by permission them appropriately.

  • #66714


    Do you have many servers in DMZ? If not, do you really need them to use Pull model ? It may be better to have them in push mode and keep DMZ isolated.

  • #66732

    Andrew Palmer

    About 200 or so.

    • #66894


      Do you have inbound ports open?
      You mentioned 'outside ports'

You must be logged in to reply to this topic.