Newbie DMZ Questions

[2canSAM]

Right now we are running a ISS.net box and I have some questions about DMZ and firewalls. I have been tasked with looking into this and have some very BASIC questions. Right now our webserver is running on the internal LAN behind the firewall (I know, Bad move but it was setup that way before I got here). I want to move the Webserver into the DMZ, my question is this, With the webserver in the DMZ traffic can still go from LAN>>>DMZ right? It will not (theroy)go from the DMZ>>>LAN right? I mean I will still be able to access the webserver from my box on the LAN for management, but they wont be able to get to the LAN from the webserver?

 

[Need4Speed]

yes...think of the dmz as any other external network...the firewall can control flow in either direction. some firewalls deny all traffic until proper rules are setup. others setup basic rules that fit the majority of installations...so..it depends on the firewall if lan > dmz is allowed, but it can certainly be enabled