Re: [fw-wiz] Putting MS servers behind firewalls

From: Dave Piscitello (yodave_at_hargray.com)
Date: 06/08/04

    To: Dilan Walgampaya <dilan@dpitl.com>, firewall-wizards@honor.icsalabs.com
    Date: Tue, 08 Jun 2004 09:09:23 -0400
    
    

    Supporting MS applications like Outlook and MS file/print sharing using
    native protocols and clients is one reason why many people use SSL VPN
    appliances. Some of the appliances (not all, you must investigate) proxy
    the protocols over an SSL tunnel from client endpoint to the SSL VPN
    appliance, which you place behind your firewall, opening only the ports you
    would for SSL-enabled traffic (SSL, DNS), and only to the proxy/appliance.

    At 12:23 PM 6/7/2004 +0600, Dilan Walgampaya wrote:
    >Hi Wizards,
    >
    > I ran into a problem putting Microsoft servers behind a
    > firewall. The users have to go through the FW to access the servers. The
    > servers I wanted to put are on an AD domain. There were an AD server, a file
    > server and an Exchange server. These servers need a large no. of services
    > opened for proper operation. The worst is that the Exchange server works in a
    > dynamic port setup where the server opens a random port for each
    > different client. The MS site has some registry edits that are supposed to
    > correct this dynamic port setup issue. But when I tried these they did
    > not work as the document describes.
    >
    > Has anybody done this kind of a setup (with other than an ISA
    > server)? I am interested in doing this with Netscreen/Pix and Linux
    > IPTables. Any help is appreciated.
    >
    >
    >
    >Thanks in advance
    >
    >Dilan
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
