Ansgar -59cobalt- Wiechers wrote:
On 2007-03-21 tom winter wrote:
Ansgar -59cobalt- Wiechers wrote:
On 2007-03-20 tom winter wrote:
What exactly is a "layer 3 proxy for server publications" supposed to
be?
MS termiminology.. servers that have to remain inside the lan are
'published'. E.g. the intranet web server has to have AD and database
connections, so it can't be moved to a dmz easily.
Ah, I see, you mean connections from hosts in the DMZ into the LAN?
You'll need to manually allow the ports required for the services you
want to be 'published'. Personally I'd prefer to avoid something like
that, though, and rather replicate the data or move the servers to a DMZ
of their own, that can be accessed from both the "public" DMZ and the
LAN.
it's even worse: in a standard ISA setup, all layer two filtering and
all Proxies are done on the same machine and all running with local
system (~ root) privileges.
Thanks,
also thanks to Léo and Ralph
Tom
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
