How about setting up an Apache or Squid box in your DMZ to reverse proxy the site? Make sure some kind of authentication is required first, of course.
Chris

-----Original Message-----
From: Ray [mailto:[EMAIL PROTECTED]
Sent: Sat Oct 22 12:36:18 2005
To: [email protected]
Subject: [FW-1] R55 Clientless VPN questions

We're running SecureClient with SCV activated and enforced. I have a need to allow a few customers access to an internal web server via SSL but from any IP address. I know I could use Connectra, but spending several thousand dollars for just a few people is a bit expensive.

If I understand the R55 "Clientless VPN" capability correctly, it looks like it could do the trick. I understand it's not really scalable but we're talking about less than a dozen computers and at different times of the day and night. I've got plenty of CPU and memory capacity available for the security server that will be invoked.

Clientless VPN seems to be nothing more than using an ICA-generated client certificate to authenticate a particular computer to the system, the same as is done for gaining access to the ICA web interface on port 18265. Is this correct?

Since there is only one remote access community and because we enforce SCV compliance before allowing a connection with SecureClient, can I still use the Clientless VPN? From the meager documentation I've found, it looks like Clientless VPN is not really considered remote access like SecuRemote and SecureClient are so SCV doesn't come into play.

Is Clientless VPN still supported in NGX?

Would it be better to set up the firewall to accept Microsoft's L2TP connections? I would rather the outside companies just be able to open the browser, go to the SSL URL and see their login page. We also don't want to get into the hassle of installing any client software at all, like SNX. I don't need those kinds of headaches.
Thanks for any help,
Ray

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
