[fw-wiz] DMZ and critical data


I am doing a project of network security to a friend of mine.
We will do a back-to-back DMZ, with a external and a internat firewall.
In our project, only the web and mail servers stay in DMZ.
But the company wants to access a webbased application from the internet.
The webserver needs access to a file and a database server, but the
data on this server is critical.
My sugestion is to put a webserver in the internal network and
configure a Vpn, but it is not possible for the client.
I don´t want to put the file and database servers on the DMZ, put if I
put it on the internal network the webserver on the DMZ has to access
the server, wich compromises my security.

Any sugestions?

Pedro Mazzoni
firewall-wizards mailing list