Hi,
I have 2 PIX501's in this config
Public IP PIX501a Private IP | DMZ | Private IP PIX501b Private IP | Internal LAN
in the DMZ I will put 2 webservers, these webservers will talk to an Oracle database server, I don't want the database server to be put into the DMZ as it contains confidential information, the only way I can think of doing this is putting the database server in the Internal LAN and permitting traffic from the web servers to the database server with only the oracle port open (1521) on PIX501b. This obviously opens a hole in my firewall, is there a better way to do this? I've heard about application forwarding but how will this help, also ISA server is very expensive! Maybe I can tighten things up on the firewall, are there things I can do?
cheers Dave