[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Tarantella and FW-1
Hello dear firewallers: Has anybody had any experience with Tarantella http://www.tarantella.com) and FW-1? We are planning on installing a Tarantella server for giving remote users web-based access to internal applications. Scenario: FW 4.1 SP2 on NT 4.0, SP6a 3 NICs: Internal private LAN (NATTed), public DMZ, public Internet segment Possible options: 1) Place the Tarantella server on the internal LAN and open up the ports required for access by remote users from their browsers (web server port 80 and Tarantella ASAD port 3144)at the firewall. 2) Place the Tarantella server on the DMZ and allow inbound access to it from Internet, allow the connections between the Tarantella server and the internal application servers through the ports required. 3) Purchase VPN module and set up access to the internal Tarantella server through SecuRemote clients. I ruled out option 1 because of the insecurity associated with allowing direct inbound connections to the internal LAN. I am in favor of option 3 because I think it is the most secure one, but this solution is not as immediate as my manager would want,as we don't have a VPN module yet. Additionally, he also favors option 2 for not requiring the installation of VPN client software as option 3 does, a browser is all that is required. How do options 2 and 3 compare in terms of security? what are the issues, risks involved with option 2? I badly need your wise views to help me convince my manager that option 3, although less immediate, is the route we should go. I'm a newbie to the VPN stuff, so please excuse my inexperience. I'll also very much appreciate any tips, hints, recommendations or any other ideas regarding the use of a Tarantella server with FW-1. Thank you so much in advance for your valuable help. Orlando Goza __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|