Well, what if there is a requirement for a server in the PSN to participate in a domain? Just enough `holes` would be opened from the PSN to the protected network to allow a server on the PSN to authenticate against a domain without opening up access to other internal services on the protected network.
At the end of the day, how much risk does anyone want to take. Any public facing servers need to be constantly checked on and a darn good backup taken of public facing servers. It's a balance between good working practices and paranoia. At 21/10/2001 03:35 am , "Chris Green" <[EMAIL PROTECTED]> wrote: >Well, for starters I'll ask this... If you are going to allow access to >your internal network from your PSN, why do you have a PSN? I know there >are many valid answers for this, but its a question you need to ask yourself. >In response to your actual question, you need to use IP Passthrough filters. > >Chris Green > > > >>From: "Edward Ingram" <[EMAIL PROTECTED]> >>To: <[EMAIL PROTECTED]> >>Subject: How to allow access from PSN to PROT >>Date: Sat, 20 Oct 2001 16:27:32 -0700 >> >>What do I need to allow this access? I read somewhere that to allow >>this, I need a tunnel and a filter. >> >>I've looked at my current tunnels, which I use to redirect external >>requests for "real" ips to internal "private" ips, which is the normal >>usage. But what would I put in for a tunnel to allow, say >>192.168.1.0/24 to access 192.168.0.0/24? >> >>Ed >> >> >> >>Edward Ingram >>Network/Systems Administrator >>Payment Resources, Intl. >>[EMAIL PROTECTED] >>(949) 729-1400 >>(949) 729-1178 FAX
