Re: [fw-wiz] Allowing Internet Access to MS Project Server




Seriously, using Apache's reverse proxy would be easiest and very secure. Here's how you would do it:

1. set up the MS Project Server, complete with web access, on internal LAN, including all applicable AAA (e.g. ADS authentication, and making sure SSL is turned on.
2. set up the Apache reverse proxy on DMZ, allowing only SSL proxying, with only one target available--the MS Project Server. Turn off all other services. Turn on the personal firewall for the server. This link is a tutorial on how to do the Apache part of this: http://www.apachetutor.org/admin/reverseproxies

That's it. Simple and clean.

Cisco's SSL product--never used it. Their IPSEC products are good.

Juniper has great products in general. I have no experience with their SSL product. This reviewer loves it: http://www.networkworld.com/reviews/2005/121905-juniper-summ.html?review=sslvpn

I have used a few SSL vpn appliances, and the one I like best is Nortel's. Here is a comparison of some of the leaders: http://www.informationweek.com/story/showArticle.jhtml?articleID=166404268

--p


-----Original Message-----
From: D Sharp [mailto:drsharp@xxxxxxxxxxx]
Sent: Friday, October 05, 2007 11:45 AM
To: Darden, Patrick S.
Subject: Re: [fw-wiz] Allowing Internet Access to MS Project Server


Patrick;

All good suggestions below. The freeware/open source is not what our company would normally use.
Also part of the requirement is to avoid "ipsec vpn" like solutions. Which in our company means laptops require the client and security issues the profile/credential.

We looked at CISCO's SSL/VPN product and have issues with it.

Have you heard anything good/bad about Juniper's SSL/VPN?
We have looked at this prior, but used Citrix AAC with Citrix presentation servers for another 3rd party gateway. The PS piece worked, but the AAC did not support the features claimed.
We will look more closely at Juniper.

Thank you in advance for any additional information you can share.

Thanks,
Duncan


You could use several solutions. Here are a few:

--apache reverse proxy, free and industry standard http://www.apachetutor.org/admin/reverseproxies
--squid https web proxy server, free and industry standard http://www.squid-cache.org
--secure citrix gateway http://www.citrix.com/English/ps2/products/product.asp?contentID=15005
--ssl vpn (dozens of these out there, but I like Nortel's: inexpensive, comes with IPSEC vpn too)
--ipsec vpn (again, I love Nortel's Contivity Extranet Switch series--inexpensive and utterly reliable)

--p



-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of D
Sharp
Sent: Wednesday, October 03, 2007 12:40 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Allowing Internet Access to MS Project Server

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Cant Mount Mailbox Store or Publick Folder Store
    ... My citrix is working now using ICA Client but after I tried to restart my Mail Server. ... "Mukesh" wrote: ... Either there are network problems or the Microsoft Exchange Server computer is down for maintenance. ...
    (microsoft.public.exchange.admin)
  • RE: IPSec VPN Problems
    ... router-to-router IPSec VPN tunnel between the main office and remote ... client at the remote office side cannot access the SQL Server on the SBS ... Server at the main office side. ... external IP address of the SBS Server, will you be able to access the SQL ...
    (microsoft.public.windows.server.sbs)
  • Re: How does Citrix run it faster? was Re: Microfocus COBOL 3.2.43 (16bit)
    ... over 25 sites) runs on Citrix served up from servers here in Austin. ... have moved a lot of stuff to zLinux, and in the process would up writing ... When Word loads for the ... doing anything else but managing the screen, while the server is pretty much ...
    (comp.lang.cobol)
  • Long and quite bizzare network problem
    ... I manage a 70 pc lan running win2k server,win2k Citrix ... packet sniffer to look at. ... The metaframe server is expecting that one box to ACK back,but it does ...
    (microsoft.public.win2000.networking)
  • Re: Long and quite bizzare network problem
    ... Is Admin3 the master browser on the network? ... setting on all computers except for the main server (which should be online ... > the remote location are using Citrix over a nailed T1.Main and Citrix ...
    (microsoft.public.win2000.networking)