NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Thoughts on external access to Intranet server



All,

The folks here have decided that an Intranet server will be a good thing
(finally).

The issue is, that they also want access to this server from outside, which
in itself is not an issue too much. Where it becomes a bit more sticky, is
that they wish to allow externall companies access to specific issues on
this server, and via them, to other servers in our network (NT, Netware,
Unix, AS400 and so on). As well, they want access for users of ours from
outside inside with once again, the ability to access and change data on
internall servers.

Now I could simply allow http access via the firewall with authentication on
both the FW and the Intranet server, but that's about as secure as leaving
100$'s laying around on the floor for all to see and go for.

My current setup is as follows :

Internet
    |
Router (double with BGP4 to two ISP's)
    |
FireWall----DMZ (there's more, but this is all that matters right now)
    |
Local Network (servers and users)

I was thinking that perhaps an additional machine or machines on the DMZ,
setup as reverse proxies, or perhaps HTTP routering servers, which would get
the externall requests and only this server (or servers) would then be
allowed to forward and receive data to and from the internall Intranter
server.

Again, the logic is in there, but I'd really appreciate some direct help on
how to best set this up.

I can't add a second FireWall, and the routers on the Internet side are Bay
(so not easy to setup access lists) and already run BGP4 so I'd rather not
add anything more to them which may cause them to falter in any way.

Ideas and thoughts are welcomed.

Please also forward a copy to my email address direct as well as to the
group if you can of any thoughts you may have.

Thanks Ahead,

Mike Glassman
System & Security Admin
Israeli Airports Authority
Ben-Gurion Airport
http://www.ben-gurion-airport.co.il

Tel : 972-3-9710785
Fax : 972-3-9710939
Email : [email protected]

Usage of this email address or any email address at iaa.gov.il for the
purpose of sales pitches, SPAM or any other such unwanted garbage, is
illegal, and any person, whether corporate or alone doing so, will be
prosecuted to the fullest possible extent.






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.