You had indicated this can be done with an SSL VPN gateway.
I have been
looking at the SSL Network Extender add-on as a solution for
securing our
internal iNotes server for web mail and to possibly
eliminate the need for
the SecuRemote client. Anyone using this add-on to protect
web mail
servers and secure access to other applications like TS or
Citrix that
would like to comment.
"- vpn ssl (to allow access to your internal http
server via an https
connection). this requires a specific vpn ssl gateway like
the connectra"
pkc_mls
<pkc_mls YAHOO.FR
>
To
Sent by: Mailing FW-1-MAILINGLISTAMADEUS.US.CHECKPO
list for INT.COM
discussion of
cc
Firewall-1
<FW-1-MAILINGLIST
Subject
AMADEUS.US.CHECK Re: [FW-1]
Firewall Setup for Web
POINT.COM> Mail
08/14/2007 01:51
AM
Please respond to
Mailing list for
discussion of
Firewall-1
<FW-1-MAILINGLIST
AMADEUS.US.CHECK
POINT.COM>
John Lindblom a écrit :
> We currently are note using iNotes web mail, we are in
the planning
stages
> regarding the implementation. I know a lot of
companies are allowing
> direct access in to their mail server but I'm just not
completely
> comfortable with that, we may end up doing it that way
but we need to
look
> at all options.
>
> In my first email I questioned the method used with NAT
to allow access
to
> the Domino server for web mail. What I currently do is
use a ISP
assigned
> public IP address with Static NAT pointing into a
server (Citrix in this
> case) to allow remote access with the VPN client. The
clients just
connect
> to a Citrix server with that public IP address once
authenticated with
> SecueRemote. Is there any other way of doing this with
port forwarding
as
> other firewalls refer to it or is this the
correct/preferred method with
> Checkpoint?
>
you can do this with :
- reverse proxy (you can set up a reverse proxy with apache
or buy any
commercial product)
- vpn ssl (to allow access to your internal http server via
an https
connection). this requires a specific vpn ssl gateway like
the connectra
. other vendors also propose such solutions.
- direct connection via NAT.
then you have to ask you some questions :
- which level of security do I need for this server ?
- how much can I afford to reach this level of security ?
each solution proposed above has good and bad points, so
basically it
depends on how you answer to the questions above.
hope this'll help.
> John
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
