You had indicated this can be done with an SSL VPN gateway. I have been
looking at the SSL Network Extender add-on as a solution for securing our
internal iNotes server for web mail and to possibly eliminate the need for
the SecuRemote client. Anyone using this add-on to protect web mail
servers and secure access to other applications like TS or Citrix that
would like to comment.
"- vpn ssl (to allow access to your internal http server via an https
connection). this requires a specific vpn ssl gateway like the connectra"
pkc_mls
<[EMAIL PROTECTED]
> To
Sent by: Mailing [EMAIL PROTECTED]
list for INT.COM
discussion of cc
Firewall-1
<FW-1-MAILINGLIST Subject
@AMADEUS.US.CHECK Re: [FW-1] Firewall Setup for Web
POINT.COM> Mail
08/14/2007 01:51
AM
Please respond to
Mailing list for
discussion of
Firewall-1
<FW-1-MAILINGLIST
@AMADEUS.US.CHECK
POINT.COM>
John Lindblom a écrit :
> We currently are note using iNotes web mail, we are in the planning
stages
> regarding the implementation. I know a lot of companies are allowing
> direct access in to their mail server but I'm just not completely
> comfortable with that, we may end up doing it that way but we need to
look
> at all options.
>
> In my first email I questioned the method used with NAT to allow access
to
> the Domino server for web mail. What I currently do is use a ISP
assigned
> public IP address with Static NAT pointing into a server (Citrix in this
> case) to allow remote access with the VPN client. The clients just
connect
> to a Citrix server with that public IP address once authenticated with
> SecueRemote. Is there any other way of doing this with port forwarding
as
> other firewalls refer to it or is this the correct/preferred method with
> Checkpoint?
>
you can do this with :
- reverse proxy (you can set up a reverse proxy with apache or buy any
commercial product)
- vpn ssl (to allow access to your internal http server via an https
connection). this requires a specific vpn ssl gateway like the connectra
. other vendors also propose such solutions.
- direct connection via NAT.
then you have to ask you some questions :
- which level of security do I need for this server ?
- how much can I afford to reach this level of security ?
each solution proposed above has good and bad points, so basically it
depends on how you answer to the questions above.
hope this'll help.
> John
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
