Firewall Wizards mailing list archives

Re: Lotus Notes question


From: Manuel.Gil () gecits-eu com
Date: Fri, 22 May 1998 12:22:28 +0100





Hi, read this FAQ from RAPTOR; it could be useful for you....

http://www.raptor.com/cs/FAQ/entv5gsp_lotusnotes.html


This FAQ discusses how to configure either inbound or outbound Lotus-Notes access through the EagleNT 5.0 firewall by creating a GSP and a rule.

Configuration steps for Lotus-Notes access:

Before discussing the actual configuration procedure, you should understand that transparent outbound network operation of the EagleNT firewall requires three network criteria:

      (1) All inside hosts must set their default route/gateway to the inside IP address of the EagleNT firewall, or to a router whose default route/gateway gets to the inside IP address of the EagleNT firewall. (Reference from: EagleNT 5.0 preinstall checks)
      (2) All inside hosts and the firewall must have access to DNS name resolution. (Reference from: EagleNT 5.0 postinstall checks)
      (3) The default route/gateway on the firewall must point to the IP address of the router that is connected to the Internet. (Reference from: EagleNT 5.0 preinstall checks)


Configuring Lotus-Notes access requires three general steps, all of which can be accomplished in the Hawk configuration GUI. The following is a brief overview of these steps:

      (1) A protocol definition for Lotus-Notes must be created. The protocol definition tells the GSP what ports and transport protocol (UDP or TCP) need to be managed.
      (2) A GSP must be created to proxy the Lotus-Notes traffic.
      (3) An authorization rule must be created to govern the GSP's operation.


The following detailed procedure describes how these steps are accomplished:

 (1)
    Invoke the HAWK configuration GUI (start> programs> Raptor Eagle> Hawk 5.0). The Eagle Administration window should appear.

    Enter the gateway password if running RemoteHawk, or managing another EagleNT firewall from the local firewall.

    Press the connect button. The Hawk toolbar should appear.

 (2)
    Perform the following steps to create a protocol definition for IRC.
     Press the protocols button on the Hawk toolbar. The protocols window should appear.
     Enter the name TCP1352_NOTES in the name field.
     Enter an appropriate description in the description field.
     Use the pulldown arrow in the protocol field to highlight and select TCP.
     Enter 1352 in the destination port field.
     Enter 1024-65535 in the source port range field.
     Press the create button to store the protocol definition.
     Press the close button to dismiss the protocols window.

 (3)
    Perform the following steps to create the GSP for Lotus-Notes.
     Press the GSP services button on the HAWK toolbar. The GSP Services window should appear.
     Enter gsp.notes in the name field.
     Enter an appropriate description in the description field.
     Use the pulldown arrow on the App Protocol field to select TCP1352_NOTES.
     For inbound access:
          Enter the IP address of the Lotus-Notes server behind the firewall in the To Server field.
     For outbound access:
          Leave the To Server field empty.
     For both:
          Enter the IP address of the Lotus-Notes server behind the firewall in the To Server field.

     Leave the on port field empty.
     Press the create button to store the GSP in HAWK's configuration files.
     Press the close button to dismiss the GSP Services window.

 (4)
    A rule must be created to allow authorized clients to pass traffic via the Lotus-Notes GSP. If you want bidirectional Lotus-Notes access two rules will be required - one for inbound access, and another one for outbound access.

    For the sake of general illustration the following procedure will guide you through creating an interface-based rule that allows either all users on the protected (inside) network to access Lotus-Notes servers outside the firewall, or users outside the firewall to access a specific Lotus-Notes server behind the firewall (the specific server is denoted by the IP address in the GSP's To Server field). You can also perform this procedure twice i.e. once to create an inbound rule, and the second time to create an outbound rule.

    Use the following procedure to create an authorization rule for Lotus-Notes access:

     Press the rules button on the Hawk toolbar. The rules window should appear.
     Ensure that ALL is displayed in the For field.
     Ensure that the permit certain access radio button is lit.
     Use the Connections FROM scrollbar to locate and select the name of the appropriate NIC on the firewall. For outbound access select the name of the firewall's inside NIC. For inbound access select the name of the firewall's outside NIC. Refer to the Interface Properties window if you do not know which NIC is connected to the inside or outside network (Gateway> Configure> Interface Properties).
     Hint:
          You are selecting the interface connected to the network where the traffic originates from, which is obviously where the connections from scrollbar derives its name.

     Use the TO scrollbar to locate and select the Universe* entity.
     Use the Services and Protocols NOT included scrollbar to locate and highlight the gsp.notes, and then press the right arrow to move it to the INCLUDED window.
     Ensure that the Permit Users, Permit Groups, Deny Users, and Deny Groups sections are empty.
     Ensure that NONE appears in the authenticate using field. Using any authentication type will cause the GSP to fail.
     Press the create button and then select save from the file pulldown menu (up top) to post the rule to the gateway. Press the yes button in response to the query: Do you want to update the gateway with the new rule information? Press the OK button on the dialogue box: The gateway has been reconfigured.
     Press the close button to dismiss the rules window.



Configuring Lotus-Notes access is now complete.

Best regards

Manuel Gil
GE Capital IT Solutions , S.L.
System Engineering
Edif. Torre Serrano
C./ Serrano 47, Madrid 28001, Spain
Phone: +34 91 4368838/00, Fax: +34 91 5769883, Mobile: 909 457616
Internet: Manuel.Gil () GECITS-EU COM
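
The configuration described in the FAQ above, modelled as an added example that is not part of the original post or of Raptor's software: a small Python check of which connections the TCP1352_NOTES definition and an interface-based gsp.notes rule would pass, for an outbound-only and an inbound-only setup. The Flow, evaluate and audit names, the "inside"/"outside" NIC labels and the documentation-range IP addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Protocol:
    """Model of the TCP1352_NOTES protocol definition from step (2)."""
    transport: str = "tcp"
    dst_port: int = 1352
    src_ports: range = range(1024, 65536)  # 1024-65535 inclusive

@dataclass(frozen=True)
class Flow:
    """One connection attempt reaching the firewall (hypothetical shape)."""
    in_nic: str      # NIC the connection arrives on: "inside" or "outside"
    transport: str
    src_port: int
    dst_ip: str
    dst_port: int

def evaluate(flow, proto, from_nic, to_server=None):
    """Return (decision, address the proxy connects to)."""
    # from_nic models the rule's "Connections FROM" interface; to_server
    # models the GSP's "To Server" field (None = field left empty).
    if flow.in_nic != from_nic:
        return ("deny", None)      # arrived on a NIC the rule does not name
    if (flow.transport, flow.dst_port) != (proto.transport, proto.dst_port):
        return ("deny", None)      # not TCP to port 1352
    if flow.src_port not in proto.src_ports:
        return ("deny", None)      # source port outside 1024-65535
    return ("permit", to_server or flow.dst_ip)

NOTES = Protocol()
# Constructed sample addresses (documentation ranges), not taken from the page.
INTERNAL_NOTES, EXTERNAL_NOTES, FW_OUTSIDE = "192.0.2.10", "198.51.100.7", "203.0.113.5"

def audit():
    """Evaluate constructed flows against an outbound and an inbound setup."""
    out = lambda f: evaluate(f, NOTES, "inside")                   # To Server empty
    inb = lambda f: evaluate(f, NOTES, "outside", INTERNAL_NOTES)  # To Server set
    return {
        "out_notes":     out(Flow("inside", "tcp", 40000, EXTERNAL_NOTES, 1352)),
        "out_http":      out(Flow("inside", "tcp", 40000, EXTERNAL_NOTES, 80)),
        "out_low_src":   out(Flow("inside", "tcp", 1023, EXTERNAL_NOTES, 1352)),
        "out_wrong_nic": out(Flow("outside", "tcp", 40000, FW_OUTSIDE, 1352)),
        "in_notes":      inb(Flow("outside", "tcp", 40000, FW_OUTSIDE, 1352)),
        "in_udp":        inb(Flow("outside", "udp", 40000, FW_OUTSIDE, 1352)),
    }

if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:14} {result}")
```

Because the rule is created with authentication set to NONE and TO set to Universe*, the interface, transport and port checks modelled here are the only conditions the page describes as limiting who can use the proxy.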



