Re: [fw-wiz] Allowing Internet Access to MS Project Server




Seriously, using Apache's reverse proxy would be easiest and very secure. Here's how you would do it:

1. set up the MS Project Server, complete with web access, on internal LAN, including all applicable AAA (e.g. ADS authentication, and making sure SSL is turned on.
2. set up the Apache reverse proxy on DMZ, allowing only SSL proxying, with only one target available--the MS Project Server. Turn off all other services. Turn on the personal firewall for the server. This link is a tutorial on how to do the Apache part of this: http://www.apachetutor.org/admin/reverseproxies

That's it. Simple and clean.

Cisco's SSL product--never used it. Their IPSEC products are good.

Juniper has great products in general. I have no experience with their SSL product. This reviewer loves it: http://www.networkworld.com/reviews/2005/121905-juniper-summ.html?review=sslvpn

I have used a few SSL vpn appliances, and the one I like best is Nortel's. Here is a comparison of some of the leaders: http://www.informationweek.com/story/showArticle.jhtml?articleID=166404268

--p


-----Original Message-----
From: D Sharp [mailto:drsharp@xxxxxxxxxxx]
Sent: Friday, October 05, 2007 11:45 AM
To: Darden, Patrick S.
Subject: Re: [fw-wiz] Allowing Internet Access to MS Project Server


Patrick;

All good suggestions below. The freeware/open source is not what our company would normally use.
Also part of the requirement is to avoid "ipsec vpn" like solutions. Which in our company means laptops require the client and security issues the profile/credential.

We looked at CISCO's SSL/VPN product and have issues with it.

Have you heard anything good/bad about Juniper's SSL/VPN?
We have looked at this prior, but used Citrix AAC with Citrix presentation servers for another 3rd party gateway. The PS piece worked, but the AAC did not support the features claimed.
We will look more closely at Juniper.

Thank you in advance for any additional information you can share.

Thanks,
Duncan


You could use several solutions. Here are a few:

--apache reverse proxy, free and industry standard http://www.apachetutor.org/admin/reverseproxies
--squid https web proxy server, free and industry standard http://www.squid-cache.org
--secure citrix gateway http://www.citrix.com/English/ps2/products/product.asp?contentID=15005
--ssl vpn (dozens of these out there, but I like Nortel's: inexpensive, comes with IPSEC vpn too)
--ipsec vpn (again, I love Nortel's Contivity Extranet Switch series--inexpensive and utterly reliable)

--p



-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of D
Sharp
Sent: Wednesday, October 03, 2007 12:40 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Allowing Internet Access to MS Project Server

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards