Chris,
At last, someone with the same problem as I have. Here is what I've tried and what I'm about to try.
First attempt
------------------
We use SecurID to validate users (Notes pass-through and Citrix client). I set up an MS reverse proxy to forward web requests to the Notes server. Started the HTTP process on the Notes server. Works perfectly. Overlaid the SecurID on the MS proxy ... no joy. Called Security Dynamics ... reverse proxying not supported. Tried the same with Netscape proxy ... still does not work in reverse mode.
Second attempt
______________
Created a replica of the users' mail out on a Notes server in the DMZ. Ran the HTTP task on the server and secured the files with SecurID. Sort of works. (Do I want my mail file in the DMZ ... not really; do I want to pass 1352 (Notes) through the internal and external firewalls ... not really.)
Current attempt
_____________
Upgrade the external firewall to Checkpoint 4 (in which user authentication with SecurID for incoming web connections is supported, and works, I believe). Set up a Novell BorderManager HTTP accelerator (their term for reverse proxy) and switch to a different (not 80) port to talk to the Notes server. Tie in the NDS authentication for added security.
We should now have ... client tries to talk to the RP server. Checkpoint will challenge with a SecurID request ... then gets through to the NDS (BorderManager) server and needs to have a user account and password to access the server ... then tries to access the Notes mail file and needs to have a Notes user ID and password.
Any comments (suggestions and criticisms) from the firewall community would be appreciated.
I'll let you know how I get on.
Regards
Rory
Chris Knox <[EMAIL PROTECTED]> on 09/15/99 07:15:27 PM
To: [EMAIL PROTECTED] (firewalls)
cc: (bcc: Rory Rogerson/MIS/XLGroup)
Subject: Marginally on-topic -- Secure remote email access
My company is scattered across North and South America, Europe, Asia,
Australia and the Pacific Rim. We currently use Notes for internal
email but the size of the data transfers while databases synch up has
caused some very expensive phone calls. We're getting a lot of pressure
to open up POP3 and let users connect across the Internet. It gives me
heartburn to think of all those passwords being shuttled around in the
clear from random ISPs in Sao Paulo, Moscow, London and who knows where
else. To make matters worse the users who travel the most are executives
and sales types who are -uhm- technologically -uhm- challenged. I.e.
they are doing well if they can set their clock radio.
Ideas or pointers to a more appropriate forum?
--
Chris Knox [EMAIL PROTECTED]
Hypercom, Inc. (602) 504-5888
Unix Systems Support Speaking only for myself.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
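The worry in Chris's post, that POP3 "shuttles passwords around in the clear", can be made concrete. The script below is an added example, not code from either poster: it plays the on-path sniffer over two constructed POP3 dialogues (the banner, user name and password are made up), showing that a plain USER/PASS login hands the whole secret to anyone between the hotel ISP and the mail server, while the RFC 1939 APOP login (MD5 over the server's timestamp banner plus the shared secret) sends only a digest, and the server can still verify it from the stored secret.

```python
import hashlib
import hmac
import re

# Constructed sample dialogues (not captured traffic): what a sniffer sitting
# between a remote ISP and the corporate POP3 server sees, one line per turn.
# "C" is client->server, "S" is server->client. Names and password are made up.
BANNER = "+OK POP3 server ready <1896.697170952@mail.example.com>"
PASSWORD = "hunter2"

CLEARTEXT_SESSION = [
    ("S", BANNER),
    ("C", "USER rrogerson"),
    ("S", "+OK"),
    ("C", "PASS " + PASSWORD),
    ("S", "+OK maildrop has 2 messages (320 octets)"),
    ("C", "STAT"),
    ("S", "+OK 2 320"),
    ("C", "QUIT"),
]


def apop_digest(banner, password):
    """RFC 1939 APOP: MD5 over the server's timestamp token (the <...> part of
    the greeting, angle brackets included) immediately followed by the secret."""
    m = re.search(r"<[^>]+>", banner)
    if not m:
        raise ValueError("server banner carries no APOP timestamp")
    return hashlib.md5((m.group(0) + password).encode("ascii")).hexdigest()


APOP_SESSION = [
    ("S", BANNER),
    ("C", "APOP rrogerson " + apop_digest(BANNER, PASSWORD)),
    ("S", "+OK maildrop has 2 messages (320 octets)"),
    ("C", "QUIT"),
]


def extract_credentials(session):
    """Act as the eavesdropper: walk the client side of a POP3 dialogue and
    report what an on-path sniffer learns about the login."""
    found = {"user": None, "password": None, "digest": None}
    for direction, line in session:
        if direction != "C":
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            found["user"] = arg
        elif verb == "PASS":
            found["password"] = arg          # the whole secret, in the clear
        elif verb == "APOP":
            name, _, digest = arg.partition(" ")
            found["user"], found["digest"] = name, digest
    found["exposed"] = found["password"] is not None
    return found


def verify_apop(banner, username, digest, secrets):
    """Server side of APOP: recompute the digest from the stored secret and
    compare in constant time; the password itself never crosses the wire."""
    secret = secrets.get(username)
    if secret is None:
        return False
    return hmac.compare_digest(apop_digest(banner, secret), digest)


if __name__ == "__main__":
    for label, sess in (("USER/PASS", CLEARTEXT_SESSION), ("APOP", APOP_SESSION)):
        print(label, extract_credentials(sess))
```

Two caveats a practitioner would want. APOP only keeps the password off the wire; the sniffer still gets the banner and the digest, so an offline guessing attack against a weak password remains possible, and the server must keep the secret in recoverable form to compute the digest. The durable fix for the cleartext problem is to wrap the whole POP3 session in TLS (POP3 over SSL, or the STLS command from RFC 2595), which protects the mail contents as well as the login.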