HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec Overview
HP-UX IPSec Topologies
Chapter 1
Application Server in DMZ with Back-End Server
More enterprises are putting application servers in a demilitarized
zone (DMZ)—that is, outside corporate firewalls—for business
partners or public access. Because inbound connections from the
Internet are allowed to these servers, they are vulnerable to attack. In
many cases, the application servers in the DMZ are configured as
application gateways, or proxy servers, that open a second connection to
back-end servers within the internal network and forward client requests
to the back-end servers.
In these scenarios, HP-UX IPSec can secure the host-to-host data path
between the gateway application server in the DMZ (B in Figure 1-17)
and the back-end server (C in Figure 1-17). You must configure filtering
on the gateway application server (B) to limit access to the back-end
servers.
Figure 1-17 HP-UX IPSec Securing a Backend Server