Which services to allow through my firewall????

Hi all,

I'm just starting to configure a new proxy server, which will operate in our DMZ.

I want to use NT/2000 authentication to grant users different access rights to the web, with pass-through authentication using their Windows login.

On our internal firewall I've allowed HTTP Proxy and RDP through from our side to the DMZ. What other services do I need to allow in either direction to allow the server to view the users in our 2000 and NT domains?

The proxy server is a member of the 2000 domain, and there are two way trusts between the 2000 and NT domains.

Thanks,

Tim

Tim.Richardson1

Bearing in mind that it is never a good idea to allow connections to originate from the DMZ inbound to the LAN, I think the PS should remain on the internal protected side and not reside in the DMZ. This way internal users will point to the PS, which can accommodate the authentication, etc. In turn the PS will establish its necessary connections to the appropriate locations on the 'net, and naturally nothing is to be allowed inbound through the firewall to the PS.

Don Kelloway

I came to the same conclusion. The proxy that will handle all the authentication is now behind the internal firewall; this then relays to an upstream proxy in the DMZ.

Tim.

Tim.Richardson1
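
Added example, not part of the thread: a small rule-set audit for the point made above that connections should not originate from the DMZ toward the LAN, run against the original plan and the revised one. The zone addressing, host addresses and service labels are constructed assumptions, and the labels imply no port numbers.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing; trust rises from internet (0) to LAN (2).
ZONES = {
    "lan": (ipaddress.ip_network("10.0.0.0/16"), 2),
    "dmz": (ipaddress.ip_network("192.168.50.0/24"), 1),
}

@dataclass(frozen=True)
class Rule:
    src: str      # host or network allowed to open the connection
    dst: str      # host or network being connected to
    service: str  # label only; no port numbers are assumed

def zone_of(addr):
    """Return (zone, trust) for a host or network; anything else is internet."""
    net = ipaddress.ip_network(addr, strict=False)
    for name, (cidr, trust) in ZONES.items():
        if net.subnet_of(cidr):
            return name, trust
    return "internet", 0

def inbound_violations(rules):
    """Rules that let a lower-trust zone open connections into a higher-trust one."""
    flagged = []
    for rule in rules:
        src_zone, src_trust = zone_of(rule.src)
        dst_zone, dst_trust = zone_of(rule.dst)
        if src_trust < dst_trust:
            flagged.append((rule, f"{src_zone} -> {dst_zone}"))
    return flagged

# Original plan: the authenticating proxy sits in the DMZ and must reach
# a domain controller on the LAN (constructed hosts).
PROXY_IN_DMZ = [
    Rule("10.0.0.0/16", "192.168.50.10", "http-proxy"),
    Rule("10.0.0.0/16", "192.168.50.10", "rdp"),
    Rule("192.168.50.10", "10.0.1.5", "domain-auth"),
]
# Revised plan: the authenticating proxy (10.0.2.20) stays on the LAN and
# relays to the upstream proxy in the DMZ.
PROXY_ON_LAN = [
    Rule("10.0.2.20", "192.168.50.10", "http-proxy"),
    Rule("192.168.50.10", "0.0.0.0/0", "http"),
]

if __name__ == "__main__":
    for name, rules in (("proxy in DMZ", PROXY_IN_DMZ), ("proxy on LAN", PROXY_ON_LAN)):
        print(name, inbound_violations(rules))
```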
