[THIN] Re: CSG implementation

  • From: "Stansel, Paul" <Paul.Stansel@xxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Tue, 3 Jun 2003 10:21:33 -0400

Well, it depends... are you running the Gateway on the same box as NFuse?
I'm not.  Anyway, open only the ports you need.  It is far more secure.  And
remember, the XML communication takes place from the DMZ to the internal
network.  It does not need to be visible externally.  You need 80 so that
NFuse can communicate AND so that the certificate can be resolved, and 443
for security communications.  I do it the recommended way and run a separate
server for NFuse and for my Secure Gateway box.  Both have only 80 and 443
open to them externally.  The SG box has IIS disabled.  It works well.

-Paul
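
The exposure rule described in this reply (only 80 and 443 reachable from outside, XML traffic only from the DMZ inward), checked against a firewall rule listing. This is an added example, not part of the original post; the iptables-save style rules, interface-to-zone mapping, addresses and XML port 8080 are constructed assumptions.

```python
import shlex

# Assumptions (not from the thread): which interface faces which zone.
ZONE_BY_IFACE = {"eth0": "external", "eth1": "dmz", "eth2": "internal"}
EXTERNAL_ALLOWED = {80, 443}   # from the thread: only these are open externally
# The XML service port is site-specific; 8080 below is a hypothetical value.

# Constructed iptables-save style FORWARD rules for illustration.
SAMPLE_RULES = """\
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.0.2.10 --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.0.2.10 --dport 443 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.0.2.11 --dport 443 -j ACCEPT
-A FORWARD -i eth1 -o eth2 -p tcp -d 10.0.0.20 --dport 8080 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.0.2.10 --dport 8080 -j ACCEPT
-A FORWARD -i eth0 -o eth2 -p tcp -d 10.0.0.20 --dport 8080 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.0.2.11 -j ACCEPT
"""

def parse_rule(line):
    """Turn one '-A FORWARD ...' line into a dict of the options we audit."""
    tokens = shlex.split(line)
    opts = {}
    for flag, key in (("-i", "in"), ("-o", "out"), ("--dport", "dport"), ("-j", "target")):
        if flag in tokens:
            opts[key] = tokens[tokens.index(flag) + 1]
    return opts

def audit(rules_text):
    """Return (line_number, reason) for each ACCEPT rule that widens external exposure."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        r = parse_rule(line)
        if r.get("target") != "ACCEPT" or ZONE_BY_IFACE.get(r.get("in")) != "external":
            continue  # only rules admitting traffic from outside are in scope
        if ZONE_BY_IFACE.get(r.get("out")) != "dmz":
            findings.append((n, "external traffic forwarded past the DMZ"))
        elif "dport" not in r:
            findings.append((n, "no port restriction on an external rule"))
        elif not r["dport"].isdigit() or int(r["dport"]) not in EXTERNAL_ALLOWED:
            # port ranges and lists are flagged too, since they are not exactly 80 or 443
            findings.append((n, f"port {r['dport']} is not 80 or 443"))
    return findings

if __name__ == "__main__":
    for n, reason in audit(SAMPLE_RULES):
        print(f"rule {n}: {reason}")
```
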

> ----------
> From:         Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx]
> Reply To:     thin@xxxxxxxxxxxxx
> Sent:         Tuesday, June 03, 2003 10:04 AM
> To:   thin@xxxxxxxxxxxxx
> Subject:      [THIN] Re: CSG implementation
> 
> What about custom apps?  Will they work if only 80 and 443 are open?
> (I'm assuming you mean that your nfuse server uses port 80 to
> communicate via XML...I don't use 80)
> 
> Brian Claus, A+, Network+, MCP
> Network Administrator
> WESCO Distribution, Inc.
> 225 West Station Square Drive, Suite 700
> Pittsburgh, PA 15219-1122
> Phone:  412-454-2412
> Fax:  412-454-2540
> bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
> 
> -----Original Message-----
> From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
> Sent: Tuesday, June 03, 2003 9:21 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: CSG implementation
> 
> 
> I prefer it in the DMZ.  Then you can specify the ports that are allowed to
> pass through to it (80 and 443 only) which really cuts down the
> vulnerability.
> 
> -Paul
> 
> > ----------
> > From:       Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx]
> > Reply To:   thin@xxxxxxxxxxxxx
> > Sent:       Tuesday, June 03, 2003 9:17 AM
> > To:         thin@xxxxxxxxxxxxx
> > Subject:    [THIN] Re: CSG implementation
> >
> > In reading from the Brian Madden book (FR2) I get the following, is this
> > correct?
> >
> > 1 nFuse server in DMZ or outside of the firewall with a verisign cert on it
> > 1 STA inside the firewall
> >
> > From the book, it looks like having it outside the firewall is the best
> > config security wise and easier to set up the open ports in the firewall
> > compared to the DMZ model.
> >
> > Thoughts?
> >
> > Brian Claus, A+, Network+, MCP
> > Network Administrator
> > WESCO Distribution, Inc.
> > 225 West Station Square Drive, Suite 700
> > Pittsburgh, PA 15219-1122
> > Phone:  412-454-2412
> > Fax:  412-454-2540
> > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
> >
> > -----Original Message-----
> > From: Roger Riggins [mailto:Roger@xxxxxxxxxxxx]
> > Sent: Monday, June 02, 2003 6:03 PM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: CSG implementation
> >
> > CSG should be in the DMZ. It can be on the same box as NFuse with a
> > tweak or two. STA should go inside, and can share resources with another
> > box. If you are purchasing your certs, you don't need a CA.
> >
> > Roger
> >
> > -----Original Message-----
> > From: SPerez@xxxxxxxxxxxxxxx [mailto:SPerez@xxxxxxxxxxxxxxx]
> > Sent: Monday, June 02, 2003 11:29 AM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] CSG implementation
> >
> > Group,
> >
> > Environment is Windows 2K Servers running MF XP FR2 w/w2k sp3.
> >
> > I currently use NFuse 1.61 with project columbia for one NFuse site hosting
> > internal and external users.
> >
> > I would like to implement CSG 2.0.
> >
> > Do I need to have a CA running?
> > Also is it best to have CSG on a separate server than NFuse site?
> > Does CSG need to reside on the inside or can it reside in the DMZ?
> >
> > Thank You,
> > Steve
> >
> > ********************************************************
> > This Week's Sponsor - Appsense Technologies
> > New! AppSense Optimizer is a new product from AppSense
> > designed to increase the user capacity of your servers.
> > http://www.appsense.com/
> > **********************************************************
> >
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link:
> > http://thethin.net/citrixlist.cfm