Unless I'm missing something here, it appears it's possible to setup the firewall to act as a reverse proxy but without the caching for secure access to my Lotus Notes web mail and other web servers. Is anyone doing this?
Can FireWall-1 Act as a Reverse HTTP Proxy? - (Doc# SK15012) https://secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?lid=sk15012&partition=PUBLIC&product=VPN-1%20Pro%20(VPN-1/FW-1) pkc_mls <[EMAIL PROTECTED] > To Sent by: Mailing [EMAIL PROTECTED] list for INT.COM discussion of cc Firewall-1 <FW-1-MAILINGLIST Subject @AMADEUS.US.CHECK Re: [FW-1] Firewall Setup for Web POINT.COM> Mail 08/14/2007 01:51 AM Please respond to Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST @AMADEUS.US.CHECK POINT.COM> John Lindblom a écrit : > We currently are note using iNotes web mail, we are in the planning stages > regarding the implementation. I know a lot of companies are allowing > direct access in to their mail server but I'm just not completely > comfortable with that, we may end up doing it that way but we need to look > at all options. > > In my first email I questioned the method used with NAT to allow access to > the Domino server for web mail. What I currently do is use a ISP assigned > public IP address with Static NAT pointing into a server (Citrix in this > case) to allow remote access with the VPN client. The clients just connect > to a Citrix server with that public IP address once authenticated with > SecueRemote. Is there any other way of doing this with port forwarding as > other firewalls refer to it or is this the correct/preferred method with > Checkpoint? > you can do this with : - reverse proxy (you can set up a reverse proxy with apache or buy any commercial product) - vpn ssl (to allow access to your internal http server via an https connection). this requires a specific vpn ssl gateway like the connectra . other vendors also propose such solutions. - direct connection via NAT. then you have to ask you some questions : - which level of security do I need for this server ? - how much can I afford to reach this level of security ? each solution proposed above has good and bad points, so basically it depends on how you answer to the questions above. hope this'll help. > John > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
