1999-02-04-16:09:47 Michael Sorbera:
> Paul,
I'm still not Paul, and still can't resist lobbing in answers to questions
you've asked him son the firewall's list:-).
> Our web server does not have any "users" connected to it. It's only function in
> life is to serve up html, no java, just plain old html with a little javascript
>embeded
> in it. We are about to role out our "online banking" portion of the site. I plan on
> forcing that section to use SSL.
When we talk about tunneling SSL through a firewall, the common picture we
automatically assume is a firewall with the internet on one side, and the
in-house network with employee's client workstations and the departmental
servers on the other side, and the SSL is being tunnelled to let the in-house
users access secure web sites out on the internet. In that setting we
immediately say _no_.
If I understand the setting you're describing, you are just talking about
putting up a secure web site, which loads of people do all the time, it's no
big deal. Any server should be protected by _some_ firewall, sure, but in the
case of a public web server --- or a public secure web server offering SSL ---
the "firewall" would normally just be the screening router, and its protection
could be dispensed with, it's just being used for extra reinforcement. Open
the SSL port to your secure web server in the screening router, that's normal
and right. Don't be surprised of some people can't use your secure web site
when they are at work, because the firewalls there won't let the SSL pass.
-Bennett
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
