[fw-wiz] Re: Putting MS servers behind firewalls (Dilan Walgampaya)

From: Tim Chettle (tim.chettle_at_orange.net)
Date: 06/08/04

  • Next message: Devdas Bhagat: "Re: [fw-wiz] Putting MS servers behind firewalls"
    To: "Mark" <firewalladmin@bellsouth.net>
    Date: Tue, 8 Jun 2004 10:41:58 +0100
    
    

    well if you are using the http connections there is no requirement to have
    Domian controllers externally facing as the http server issues the challenge
    response and passes your credentails to the Domain controller.
    ----- Original Message -----
    From: "Mark" <firewalladmin@bellsouth.net>
    To: "Tim Chettle" <tim.chettle@orange.net>
    Cc: <firewall-wizards@honor.icsalabs.com>
    Sent: Monday, June 07, 2004 11:01 PM
    Subject: Putting MS servers behind firewalls (Dilan Walgampaya)

    > Hey, that is a good point, I like it. What about the Domain Controller
    > though? I assume that is what is meant by "AD Server".
    >
    > Mark
    >
    > > However the point i was going to make was that rather than open up that
    high
    > > number of connections, if you are using exchange 2003 and outlook 2003
    you
    > > can replicate over https and if you deploy a sharepoint services on the
    box
    > > again you can browse using https
    >
    > =================================================================
    >
    > > > Hi Wizards,
    > > >
    > > > I ran in to a problem putting Microsoft Servers behind a firewall. The
    > > > users has to go through the FW to access the servers. The servers I
    > > > wanted to put are on an AD domain. There were AD server, File server
    and
    > > > an Exchange server. These servers need a large no. of services opened
    > > > for proper operation. The worse is that exchange server work in a
    > > > dynamic port setup where the server opens a random port for each
    > > > different client. MS site has some registry edits that is supposed to
    > > > correct this dynamic port setup issue. But when I tried these they did
    > > > not work as per the document describes.
    > > >
    > > > Has anybody done this kind of a setup (with other than an ISA server).
    > > > I am interested in doing this with Netscreen/Pix and Linux IPTables.
    Any
    > > > help is appreciated.
    > > >
    > > >
    > > >
    > > > Thanks in advance
    > > >
    > > > Dilan
    > > >
    > > >
    > > > --__--__--
    > > >
    > > > _______________________________________________
    > > > firewall-wizards mailing list
    > > > firewall-wizards@honor.icsalabs.com
    > > > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    > > >
    > > >
    > > > End of firewall-wizards Digest
    > >
    > >
    > > ---
    > > Outgoing mail is certified Virus Free.
    > > Checked by AVG anti-virus system (http://www.grisoft.com).
    > > Version: 6.0.698 / Virus Database: 455 - Release Date: 02/06/2004
    > >
    > > _______________________________________________
    > > firewall-wizards mailing list
    > > firewall-wizards@honor.icsalabs.com
    > > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >

    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.698 / Virus Database: 455 - Release Date: 03/06/2004
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Devdas Bhagat: "Re: [fw-wiz] Putting MS servers behind firewalls"

    Relevant Pages

    • Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities
      ... Cisco Security Response: Cisco IOS Cross-Site Scripting ... Two separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site ... scripting vulnerabilities have been reported to Cisco by two ... as purely HTTP Server) and applies to all Cisco products that run ...
      (Bugtraq)
    • About WSAEventSelect Model Problem.
      ... I Write a HTTP client by WSAEventSelect Model, ... I cut a file to piece and download every piece ... // build the socket & connect the Http server ...
      (microsoft.public.win32.programmer.networks)
    • Re: IHS not redirecting http traffic to WAS
      ... I am expecting the IHS to redirect the http traffic to the ... >>doing the redirecting and it always stop at the HTTP Server Welcome ... > the configuration file for IHS and the plugin configuration file? ... first you need to install the plug in on the http server machine. ...
      (comp.unix.aix)
    • Re: Outlook Express and Hotmail
      ... That's most interesting, Jens, and thanks for doing the dirty work. ... the HTTP server for Hotmail remains ... I do *not* have the HTTP server listed in Trusted Sites zone...but I ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Outlook Express and Hotmail
      ... That's most interesting, Jens, and thanks for doing the dirty work. ... the HTTP server for Hotmail remains ... I do *not* have the HTTP server listed in Trusted Sites zone...but I ...
      (microsoft.public.de.german.inetexplorer.ie6.outlookexpress)