About This Architecture
Dual-application internet zone architecture with unified Nginx reverse proxy entry point, WAF protection, and SSL/TLS termination. Traffic flows from internet users through WAF and external firewall to a public IP unified entry, then routes via Nginx reverse proxy to two backend applications: a penetration system and a debt integration system. Both applications connect through an internal firewall to an Oracle database cluster with primary-standby replication for high availability. This architecture demonstrates defense-in-depth security with clear separation between DMZ and intranet zones, protecting critical financial systems while maintaining scalability. Fork this diagram on Diagrams.so to customize firewall rules, add load balancing, or integrate additional applications behind the Nginx proxy.