As default only connections from PRI to PSN(DMZ) is allowed, U need to enable tunnels if access is permitted from PSN to PRO - so if DMZ is hacked, no access to PRI should be possible.
Felix -----Original Message----- From: David Morris [mailto:[EMAIL PROTECTED] Sent: 4. august 2003 16:36 Cc: GnatBox Users Group Subject: RE: [gb-users] Communication glitches PSN<>PRI Perhaps I'm missing something, but that looks like an unrestricted connection between PRI & PSN. If so, what is the point of setting up a DMZ? Any hacked machine in DMZ would have full access to PRI. Dave Morris On Mon, 4 Aug 2003, Felix Nielsen wrote: > Enableling "IP Pass Through Filters" will eliminate "lost connection" > and problems when coping large files to/from the PSN. > > We had the same problem before we used "IP Pass Through", and it could > be tested quite easy. One workstation started copying a big file to > the PSN, another workstation did the same after a while, and then the > first workstation lost the connection. > > Config: > > IP Pass through -> Hosts/Newtworks : > > Object/Adress = ANY_PRI > Destination = PSN > Inbound = Yes > > > IP Pass through -> Filters : > > Interface = PRI > Protocol = <all> > Type = Accept > Source = ANY_PRI > Destination = ANY_PSN > > > Hope it helps :) > > Felix Nielsen > Denmark > > > -----Original Message----- > > From: Christopher A. Congdon [mailto:[EMAIL PROTECTED] > > Sent: 1. august 2003 17:29 > > To: [EMAIL PROTECTED] > > Subject: [gb-users] Communication glitches PSN<>PRI > > > > > > The way our current network is setup, all of our servers are in the > > PSN, and the only things on PRI are the workstations. The reason for > > this setup is that we are a web hosting & web design company. All > > the servers > > that we have up have public services on them. > > > > However, this appears to be causing us some headaches... > > > > Lag in communications - There's a workstation that uses our Exchange > > server, and the delay in opening messages makes it feel like the box > > is on the 'Net instead of a LAN > > > > Delayed write failures - I can't work on databases if I leave them > > on the server. I have to either open them Read-Only to look at the > > data only or copy them to my workstation if I want to edit them. > > > > Lost connections - Constantly having to re-enter passwords for > > network shares. I also have a couple of workstations out on our > > frame-relay WAN (which is anchored in the PRI)... These workstations > > can't copy large files from the server. After getting about a third > > of the way through, they get notification that the connection has > > been reset. This appears to only happen between PRI/PSN. I can copy > > files between two boxes on the PSN all day long and nothing appears > > to happen. > > > > Thank goodness, about the only service that appears to be unaffected > > is Terminal Server. But because of these problems, I've been > > seriously considering just eliminating the PRI on our network, > > unless maybe, somebody has some suggestions at things I can do to > > clear this up? > > > > > > > > Christopher Congdon > > Network Engineer > > Congdon.WEB > > [EMAIL PROTECTED] > > http://www.congdonweb.com > > 317-920-9601 > > > > ------------------------------------------------------ > > To unsubscribe: [EMAIL PROTECTED] > > For additional commands: [EMAIL PROTECTED] > > Archive: http://www.mail-archive.com/[EMAIL PROTECTED] > > ------------------------------------------------------ > To unsubscribe: [EMAIL PROTECTED] > For additional commands: [EMAIL PROTECTED] > Archive: http://www.mail-archive.com/[EMAIL PROTECTED] ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://www.mail-archive.com/[EMAIL PROTECTED] ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://www.mail-archive.com/[EMAIL PROTECTED]
