On Tue, 5 Feb 2002 [EMAIL PROTECTED] wrote: > We have a need to backup servers in the DMZ. We're using Veritas BackupExec > 8.6 for NT/2000. However, I'm a bit concerned about running the backups > through the firewall (Sonicwall Pro), just because it's a lot of data that > possibly could instead go through a separate physical Ethernet network - if > you all bless it!? > > Backup Exec does have the ability to utilize a separate physical Ethernet > network/sub-net. So long as none of the servers (LAN Backup Server and DMZ > Web Servers) have TCP/IP forwarding enabled, would it really represent a > security risk/vulnerability to stick another NIC in the DMZ servers and the > Backup Server and simply back them up through the separate Ethernet network > rather than bogging down the firewall with all packets??? > > Thanks very much!
I strongly prefer to run backups on an internal staging server that syncs[1] out through the firewall with the production server- it also gives you a warm spare should you have to recover from an outage and takes away most of the firewall issues. Paul [1] My preferred mechanism is rsync over SSH at the moment. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
