[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Allow nbsession via firewall
Title: RE: [FW1] Allow nbsession via firewall
Or at
least limit it to POP3/IMAP4..
That is what Outlook Web Access (OWA) is for, so go to
Microsoft's website and research it. That is what you are looking for to solve
your problem and not allowing Internet access to Exchange.
If you insist on allowing Exchange Internet access through the
firewall, you might as well just remove the firewall and have one less system
to manage.
-----Original Message----- From: Arie
Gilboa [mailto:[email protected]]
Sent: Wednesday, January 17, 2001 6:35 AM To: Chilton Tim; [email protected]
Subject: Re: [FW1] Allow nbsession via firewall
Tim, Thanks!...
I agree with your answers,... but what
can I do if ExChange 2000 require it, in it Front-end & Back-end
Topology, in order to allow access to
ExChange from the Internet ?.
Thanks, Arie Gilboa
----- Original Message ----- Subject:
RE: [FW1] Allow nbsession via firewall
> Arie, > > You really don't want to enable NBT from your DMZ inbound or a
compromised > host on your DMZ will be able to
connect to internal hosts which is a major
> security host >
> Try to keep all connections one way, eg > > Internal network -> DMZ
Network > DMZ Network -> Internet
> > Obviously you will need
exceptions - eg inbound e-mail, in which case ensure > that you make the rule point to
point (host A to host B only) and service >
specific - ie only SMTP. > > What are you trying to fix with NBT inbound ? > - Can you grab the files from the DMZ using an internal host
instead > ? >
> Regards > > Tim > -----Original Message-----
> From: Arie Gilboa [mailto:[email protected]]
> Sent: 07 January 2001 09:59 >
To: [email protected] >
Subject: [FW1] Allow nbsession via firewall > > >
> Hello !, > > I would like to ask how risky is to allow nbsession (139) access
from DMZ to > Internal
network ?. > Is there any way to avoid it ?
> > Thanks, > Arie Gilboa > > > >
============================================================================
> ==== > To unsubscribe from this mailing
list, please see the instructions at >
http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ==== >
================================================================================
To unsubscribe from this mailing
list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|