Eigen, Why not have the client do push replication from the back end system to the one in the DMZ? This way the back end system wouldn't be exposed and the data needed for the front end system to run will be accessible to it.
Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: "Phil Waller" <[EMAIL PROTECTED]> Date: Thu, 22 Mar 2007 13:36:43 To:<[EMAIL PROTECTED]>, <[email protected]> Subject: RE: Shared drives through a firewall Its just a big no no no no no NON, NEIN, There are loads of reasons why not to - as you have said you have googled this and been inundated with reasons why not to so I wont put you through the pain Can't you get the client to tunnel up to the firewall using IPSEC or similiar and then allow NetBIOS/TCP 445 or 139 from the endpoint onwards if needs be? Latency issues will still be a pain when tunneling due to some overhead on building and maintaining the tunnel, CIFS access doesn't work well on a WAN anyhow I take it the orientation is internet --> DMZ and not Trusted --> DMZ? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 22 March 2007 02:01 To: [email protected] Subject: Shared drives through a firewall Hello Group; I am trying to persuade a client NOT to map a drive through two firewalls to an untrusted server in a DMZ to run an application. I've tried Googling Netbios and security, but get so many entries as to be useless. Other than the latency issues, and my ten cents that it seems to me to be an enormously foolish idea, can you folks offer me any further ammunition? Big Thanks if you can Eigen
