Firewall Wizards mailing list archives
RE: NTLM authentication from DMZ
From: Steffen Kluge <kluge () fujitsu com au>
Date: 25 Sep 2002 19:08:02 +1000
On Mon, 2002-09-23 at 18:20, Reckhard, Tobias wrote:
Mikael Olsson wrote:My first recommendation would probably be: stick something in front of the OWA box that does SSL and authentication. If someone gets to the OWA box, it's more or less game over; if nothing else because of all the sensitive stuff that is usually available in people's inboxes, public folders, etc etc.Heh, that's exactly what I'm about to have to implement here. I'm planning to use Apache+mod_proxy+mod_ssl and RSA SecurID in front of an OWA server. Does anyone by chance have any pointers to hints on how to set up such a baby?
That's what I had planned at first, too, but I seemed to big and complex for a simple task. I ended up putting the Exchange and OWA boxes on the internal network, and a simple reverse proxy that can also act as SSL wrapper onto the DMZ. Authentication is done by OWA. The firewall allows only 443/tcp from Internet to reverse proxy, and 80/tcp from reverse proxy to OWA. The proxy software I'm using is pound. Still beta and with some stability issues but very promising. Cheers Steffen. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: NTLM authentication from DMZ, (continued)
- RE: NTLM authentication from DMZ Frank Knobbe (Sep 20)
- Re: NTLM authentication from DMZ Mikael Olsson (Sep 20)
- RE: NTLM authentication from DMZ Ben Nagy (Sep 19)
- RE: NTLM authentication from DMZ Noonan, Wesley (Sep 20)
- RE: NTLM authentication from DMZ Dawes, Rogan (ZA - Johannesburg) (Sep 20)
- RE: NTLM authentication from DMZ Bill Royds (Sep 21)
- RE: NTLM authentication from DMZ Noonan, Wesley (Sep 20)
- RE: NTLM authentication from DMZ manatworkyes moderator (Sep 22)
- RE: NTLM authentication from DMZ Reckhard, Tobias (Sep 23)
- RE: NTLM authentication from DMZ Peter Robinson (Sep 23)
- RE: NTLM authentication from DMZ Steffen Kluge (Sep 25)
- RE: NTLM authentication from DMZ Paul D. Robertson (Sep 25)
- RE: NTLM authentication from DMZ Steffen Kluge (Sep 26)