Firewall Wizards mailing list archives
Re: Allowing Internet Access to MS Project Server
From: "Darden, Patrick S." <darden () armc org>
Date: Mon, 8 Oct 2007 08:33:20 -0400
Seriously, using Apache's reverse proxy would be easiest and very secure. Here's how you would do it: 1. set up the MS Project Server, complete with web access, on internal LAN, including all applicable AAA (e.g. ADS authentication, and making sure SSL is turned on. 2. set up the Apache reverse proxy on DMZ, allowing only SSL proxying, with only one target available--the MS Project Server. Turn off all other services. Turn on the personal firewall for the server. This link is a tutorial on how to do the Apache part of this: http://www.apachetutor.org/admin/reverseproxies That's it. Simple and clean. Cisco's SSL product--never used it. Their IPSEC products are good. Juniper has great products in general. I have no experience with their SSL product. This reviewer loves it: http://www.networkworld.com/reviews/2005/121905-juniper-summ.html?review=sslvpn I have used a few SSL vpn appliances, and the one I like best is Nortel's. Here is a comparison of some of the leaders: http://www.informationweek.com/story/showArticle.jhtml?articleID=166404268 --p -----Original Message----- From: D Sharp [mailto:drsharp () pacbell net] Sent: Friday, October 05, 2007 11:45 AM To: Darden, Patrick S. Subject: Re: [fw-wiz] Allowing Internet Access to MS Project Server Patrick; All good suggestions below. The freeware/open source is not what our company would normally use. Also part of the requirement is to avoid "ipsec vpn" like solutions. Which in our company means laptops require the client and security issues the profile/credential. We looked at CISCO's SSL/VPN product and have issues with it. Have you heard anything good/bad about Juniper's SSL/VPN? We have looked at this prior, but used Citrix AAC with Citrix presentation servers for another 3rd party gateway. The PS piece worked, but the AAC did not support the features claimed. We will look more closely at Juniper. Thank you in advance for any additional information you can share. Thanks, Duncan You could use several solutions. Here are a few: --apache reverse proxy, free and industry standard http://www.apachetutor.org/admin/reverseproxies --squid https web proxy server, free and industry standard http://www.squid-cache.org --secure citrix gateway http://www.citrix.com/English/ps2/products/product.asp?contentID=15005 --ssl vpn (dozens of these out there, but I like Nortel's: inexpensive, comes with IPSEC vpn too) --ipsec vpn (again, I love Nortel's Contivity Extranet Switch series--inexpensive and utterly reliable) --p -----Original Message----- From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of D Sharp Sent: Wednesday, October 03, 2007 12:40 PM To: Firewall Wizards Security Mailing List Subject: Re: [fw-wiz] Allowing Internet Access to MS Project Server _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Allowing Internet Access to MS Project Server D Sharp (Oct 03)
- Re: Allowing Internet Access to MS Project Server Darden, Patrick S. (Oct 03)
- Re: Allowing Internet Access to MS Project Server D Sharp (Oct 03)
- Re: Allowing Internet Access to MS Project Server Darden, Patrick S. (Oct 03)
- Re: Allowing Internet Access to MS Project Server D Sharp (Oct 03)
- Re: Allowing Internet Access to MS Project Server Paul D. Robertson (Oct 03)
- <Possible follow-ups>
- Re: Allowing Internet Access to MS Project Server jdgorin (Oct 03)
- Re: Allowing Internet Access to MS Project Server D Sharp (Oct 03)
- Re: Allowing Internet Access to MS Project Server jdgorin (Oct 04)
- Re: Allowing Internet Access to MS Project Server Darden, Patrick S. (Oct 08)
- Nat Limitations? jason (Oct 09)
- Re: Nat Limitations? Darden, Patrick S. (Oct 09)
- Re: Nat Limitations? Dave Piscitello (Oct 09)
- Re: Nat Limitations? jason (Oct 09)
- Re: Nat Limitations? Dale W. Carder (Oct 09)
- Nat Limitations? jason (Oct 09)
- Re: Allowing Internet Access to MS Project Server Darden, Patrick S. (Oct 03)