[THIN] Re: CSG implementation

  • From: "Claus, Brian" <BClaus@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 3 Jun 2003 10:43:27 -0400

I'm still in the design phase.  Does anyone have any white papers \ best
practices information on installing and configuring CSG?  The stuff I've
found on Citrix's web site is lacking...

  _____
Brian Claus, A+, Network+, MCP
Network Administrator
WESCO Distribution, Inc.
225 West Station Square Drive, Suite 700
Pittsburgh, PA 15219-1122
Phone:  412-454-2412
Fax:  412-454-2540
bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
  _____



-----Original Message-----
From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
Sent: Tuesday, June 03, 2003 10:22 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: CSG implementation


Well, it depends... are you running the Gateway on the same box as NFuse?
I'm not.  Anyway, open only the ports you need.  It is far more secure.  And
remember, the XML communication takes place from the DMZ to the internal
network.  It does not need to be visible externally.  You need 80 so that
NFuse can communicate AND so that the certificate can be resolved, and 443
for security communications.  I do it the recommended way and run a separate
server for NFuse and for my Secure Gateway box.  Both have only 80 and 443
open to them externally.  The SG box has IIS disabled.  It works well.

-Paul

> ----------
> From:         Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx]
> Reply To:     thin@xxxxxxxxxxxxx
> Sent:         Tuesday, June 03, 2003 10:04 AM
> To:   thin@xxxxxxxxxxxxx
> Subject:      [THIN] Re: CSG implementation
>
> What about custom apps?  Will they work if only 80 and 443 are open?
> (I'm assuming you mean that your nfuse server uses port 80 to
> communicate via XML...I don't use 80)
>
>   _____
>
> Brian Claus, A+, Network+, MCP
> Network Administrator
> WESCO Distribution, Inc.
> 225 West Station Square Drive, Suite 700
> Pittsburgh, PA 15219-1122
> Phone:  412-454-2412
> Fax:  412-454-2540
> bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
>   _____
>
> -----Original Message-----
> From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
> Sent: Tuesday, June 03, 2003 9:21 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: CSG implementation
>
> I prefer it in the DMZ.  Then you can specify the ports that are allowed
> to pass through to it (80 and 443 only) which really cuts down the
> vulnerability.
>
> -Paul
>
> > ----------
> > From:       Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx]
> > Reply To:   thin@xxxxxxxxxxxxx
> > Sent:       Tuesday, June 03, 2003 9:17 AM
> > To:         thin@xxxxxxxxxxxxx
> > Subject:    [THIN] Re: CSG implementation
> >
> > In reading from the Brian Madden book (FR2) I get the following, is this
> > correct?
> >
> > 1 nFuse server in DMZ or outside of the firewall with a verisign cert on
> > it
> > 1 STA inside the firewall
> >
> > From the book, it looks like having it outside the firewall is the best
> > config security wise and easier to set up the open ports in the firewall
> > compared to the DMZ model.
> >
> > Thoughts?
> >
> >   _____
> >
> > Brian Claus, A+, Network+, MCP
> > Network Administrator
> > WESCO Distribution, Inc.
> > 225 West Station Square Drive, Suite 700
> > Pittsburgh, PA 15219-1122
> > Phone:  412-454-2412
> > Fax:  412-454-2540
> > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
> >   _____
> >
> > -----Original Message-----
> > From: Roger Riggins [mailto:Roger@xxxxxxxxxxxx]
> > Sent: Monday, June 02, 2003 6:03 PM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: CSG implementation
> >
> > CSG should be in the DMZ. It can be on the same box as NFuse with a
> > tweak or two. STA should go inside, and can share resources with another
> > box. If you are purchasing your certs, you don't need a CA.
> >
> > Roger
> >
> > -----Original Message-----
> > From: SPerez@xxxxxxxxxxxxxxx [mailto:SPerez@xxxxxxxxxxxxxxx]
> > Sent: Monday, June 02, 2003 11:29 AM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] CSG implementation
> >
> > Group,
> >
> > Environment is Windows 2K Servers running MF XP FR2 w/w2k sp3.
> >
> > I currently use NFuse 1.61 with project columbia for one NFuse site
> > hosting internal and external users.
> >
> > I would like to implement CSG 2.0.
> >
> > Do I need to have a CA running?
> > Also is it best to have CSG on a separate server than NFuse site?
> > Does CSG need to reside on the inside or can it reside in the DMZ?
> >
> > Thank You,
> > Steve
> >
> > ********************************************************
> > This Week's Sponsor - Appsense Technologies
> > New! AppSense Optimizer is a new product from AppSense
> > designed to increase the user capacity of your servers.
> > http://www.appsense.com/
> > **********************************************************
> >
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link:
> > http://thethin.net/citrixlist.cfm