[EMAIL PROTECTED] (Pete Goodridge) wrote: >We have a growing number of Lotus Notes users who need remote >access. Currently they are dialing into our old modem bank. [snip] >Therefore we just need to open a port for Notes to the >server. I could open the Notes port to the DMZ and move the Notes >server there. Yeah, you don't need the double encryption of the VPN. However, I wouldn't allow just any connections directly to the internal Notes or Domino server from outside. Place another Domino server in the DMZ and configure it as a pass-thru server. (This is basically a proxy for Notes.) Also configure the server so that all connections are encrypted; otherwise, you'll need to set each Notes client individually. Allow connections from the pass-thru server only to people in your Name and Address Book, and only from this server to a designated server internally. Then open port 1352 on the firewall, allowing traffic only from the DMZ server to the internal server. You may also want to replicate selected databases from the internal server to the DMZ server, so that external clients can replicate from the proxy sted of through your firewall. Or, you may not allow pass-thru on the DMZ server -- which would give you more granular control of which databases are replicated outside. The Lotus documentation for r4.x and r5 goes into this process in greater detail. /cwc --- Hillary Rodham Clinton Virus instantly turns 1K of disk space into 1 Meg. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
