[FW1] Thoughts on external access to Intranet server
All,

The folks here have decided that an Intranet server will be a good thing (finally). The issue is that they also want access to this server from outside, which in itself is not too much of an issue. Where it becomes a bit more sticky is that they wish to allow external companies access to specific issues on this server, and via them, to other servers in our network (NT, Netware, Unix, AS400 and so on). As well, they want access for users of ours from outside inside with, once again, the ability to access and change data on internal servers.

Now I could simply allow http access via the firewall with authentication on both the FW and the Intranet server, but that's about as secure as leaving 100$'s lying around on the floor for all to see and go for.

My current setup is as follows:

    Internet
       |
    Router (double with BGP4 to two ISP's)
       |
    FireWall----DMZ (there's more, but this is all that matters right now)
       |
    Local Network (servers and users)

I was thinking that perhaps an additional machine or machines on the DMZ, set up as reverse proxies, or perhaps HTTP routing servers, which would get the external requests, and only this server (or servers) would then be allowed to forward and receive data to and from the internal Intranet server.

Again, the logic is in there, but I'd really appreciate some direct help on how to best set this up. I can't add a second FireWall, and the routers on the Internet side are Bay (so not easy to set up access lists) and already run BGP4, so I'd rather not add anything more to them which may cause them to falter in any way.

Ideas and thoughts are welcomed. Please also forward a copy to my email address direct as well as to the group if you can of any thoughts you may have.

Thanks Ahead,

Mike Glassman
System & Security Admin
Israeli Airports Authority
Ben-Gurion Airport
http://www.ben-gurion-airport.co.il
Tel : 972-3-9710785
Fax : 972-3-9710939
Email : [email protected]

Usage of this email address or any email address at iaa.gov.il for the purpose of sales pitches, SPAM or any other such unwanted garbage, is illegal, and any person, whether corporate or alone doing so, will be prosecuted to the fullest possible extent.
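
The DMZ reverse-proxy layout proposed in the message above, modelled as a first-match firewall rule set and checked against sample flows. This is an added example, not part of the original post and not FireWall-1 syntax; every address and port in it is a constructed assumption.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addresses and ports for illustration; none come from the post.
PROXY = "192.0.2.10"       # reverse proxy on the DMZ (assumed)
INTRANET = "10.0.0.20"     # internal Intranet server (assumed)
LOCAL_NET = "10.0.0.0/8"   # local network of servers and users (assumed)
ANY = "0.0.0.0/0"

class Rule(NamedTuple):
    src: str
    dst: str
    port: Optional[int]    # None matches any port
    action: str

# First match wins, ending in an explicit default deny.
RULES = [
    Rule(PROXY, INTRANET, 80, "allow"),   # only the proxy reaches the Intranet server
    Rule(ANY, LOCAL_NET, None, "deny"),   # nothing else enters the local network
    Rule(ANY, PROXY, 443, "allow"),       # outside users reach the proxy only
    Rule(ANY, ANY, None, "deny"),
]

def decide(src: str, dst: str, port: int) -> str:
    """Return the action of the first rule matching this flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in RULES:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.port in (None, port)):
            return rule.action
    return "deny"

def audit() -> dict:
    """Evaluate the flows this design must permit or block."""
    outside = "198.51.100.7"   # constructed external partner address
    other = "10.0.0.30"        # constructed second internal server
    return {
        "outside -> proxy:443": decide(outside, PROXY, 443),
        "outside -> intranet:80": decide(outside, INTRANET, 80),
        "proxy -> intranet:80": decide(PROXY, INTRANET, 80),
        "proxy -> other server:23": decide(PROXY, other, 23),
        "proxy -> intranet:22": decide(PROXY, INTRANET, 22),
    }

if __name__ == "__main__":
    for flow, action in audit().items():
        print(f"{flow:28} {action}")
```

With this ordering the proxy can reach only the Intranet server's web port, so any access to the other internal servers has to be mediated by the Intranet server itself and not by the DMZ host.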