I'm still in the design phase. Does anyone have any white papers \ best = practices information on installing and configuring CSG? The stuff I've = found on Citrix's web site is lacking... =20 _____ =20 =20 Brian Claus, A+, Network+, MCP Network Administrator WESCO Distribution, Inc. 225 West Station Square Drive, Suite 700 Pittsburgh, PA 15219-1122 Phone: 412-454-2412 Fax: 412-454-2540 bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>=20 _____ =20 -----Original Message----- From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx] Sent: Tuesday, June 03, 2003 10:22 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: CSG implementation Well, it depends... are you running the Gateway on the same box as = NFuse? I'm not. Anyway, open only the ports you need. It is far more secure. = And remember, the XML communication takes place from the DMZ to the internal network. It does not need to be visible externally. You need 80 so = that NFuse can communicate AND so that the certificate can be resolved, and = 443 for security communications. I do it the recommended way and run a = seperate server for NFuse and for my Secure Gateway box. Both have only 80 and = 443 open to them externally. The SG box has IIS disabled. It works well. -Paul > ---------- > From: Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx] > Reply To: thin@xxxxxxxxxxxxx > Sent: Tuesday, June 03, 2003 10:04 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: CSG implementation >=20 > What about custom apps? Will they work if only 80 and 443 are open? > (I'm assuming you mean that your nfuse server uses port 80 to > communicate via XML...I don't use 80) >=20 > =3D20 >=20 > _____ =3D20 >=20 > =3D20 > Brian Claus, A+, Network+, MCP > Network Administrator > WESCO Distribution, Inc. > 225 West Station Square Drive, Suite 700 > Pittsburgh, PA 15219-1122 > Phone: 412-454-2412 > Fax: 412-454-2540 > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>=3D20 > _____ =3D20 >=20 >=20 >=20 > -----Original Message----- > From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx] > Sent: Tuesday, June 03, 2003 9:21 AM > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] Re: CSG implementation >=20 >=20 > I prefer it in the DMZ. Then you can specify the ports that are = allowed > to > pass through to it (80 and 443 only) which really cuts down the > vulnerability. >=20 > -Paul >=20 > > ---------- > > From: Claus, Brian[SMTP:BClaus@xxxxxxxxxxxxx] > > Reply To: thin@xxxxxxxxxxxxx > > Sent: Tuesday, June 03, 2003 9:17 AM > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: CSG implementation > >=3D20 > > In reading from the Brian Madden book (FR2) I get the following, is > this > > correct? > >=3D20 > > 1 nFuse server in DMZ or outside of the firewall with a verisign = cert > on > > it > > 1 STA inside the firewall > >=3D20 > > From the book, it looks like having it outside the firewall is the > best > > config security wise and easier to set up the open ports in the > firewall > > compared to the DMZ model. > >=3D20 > > Thoughts? > > =3D3D20 > >=3D20 > > _____ =3D3D20 > >=3D20 > > =3D3D20 > > Brian Claus, A+, Network+, MCP > > Network Administrator > > WESCO Distribution, Inc. > > 225 West Station Square Drive, Suite 700 > > Pittsburgh, PA 15219-1122 > > Phone: 412-454-2412 > > Fax: 412-454-2540 > > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>=3D3D20 > > _____ =3D3D20 > >=3D20 > >=3D20 > >=3D20 > > -----Original Message----- > > From: Roger Riggins [mailto:Roger@xxxxxxxxxxxx] > > Sent: Monday, June 02, 2003 6:03 PM > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: CSG implementation > >=3D20 > >=3D20 > > CSG should be in the DMZ. It can be on the same box as NFuse with a > > tweak or two. STA should go inside, and can share resources with > another > > box. If you are purchasing your certs, you don't need a CA.=3D3D3D20 > >=3D20 > > Roger > >=3D20 > > -----Original Message----- > > From: SPerez@xxxxxxxxxxxxxxx = [mailto:SPerez@xxxxxxxxxxxxxxx]=3D3D3D20 > > Sent: Monday, June 02, 2003 11:29 AM > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] CSG implementation > >=3D20 > > Group, > >=3D20 > > Environment is Windows 2K Servers running MF XP FR2 w/w2k sp3. > >=3D20 > > I currently use NFuse 1.61 with project columbia for one NFuse site > > hosting > > internal and external users. > >=3D20 > > I would like to implement CSG 2.0. > >=3D20 > > Do I need to have a CA running? > > Also is it best to have CSG on a separate server then NFuse site? > > Does CSG need to reside on the inside or can it reside in the DMZ? > >=3D20 > > Thank You, > > Steve > >=3D20 > > ******************************************************** > > This Week's Sponsor - Appsense Technologies > > New! AppSense Optimizer is a new product from AppSense=3D3D3D20 > > designed to increase the user capacity of your servers.=3D3D3D20 > > http://www.appsense.com/ > > ********************************************************** > >=3D20 > > For Archives, to Unsubscribe, Subscribe or=3D3D3D20 > > set Digest or Vacation mode use the below link: > > http://thethin.net/citrixlist.cfm > > ******************************************************** > > This Week's Sponsor - Appsense Technologies > > New! AppSense Optimizer is a new product from AppSense=3D3D20 > > designed to increase the user capacity of your servers.=3D3D20 > > http://www.appsense.com/ > > ********************************************************** > >=3D20 > > For Archives, to Unsubscribe, Subscribe or=3D3D20 > > set Digest or Vacation mode use the below link: > > http://thethin.net/citrixlist.cfm > > ******************************************************** > > This Week's Sponsor - Appsense Technologies > > New! AppSense Optimizer is a new product from AppSense=3D20 > > designed to increase the user capacity of your servers.=3D20 > > http://www.appsense.com/ > > ********************************************************** > >=3D20 > > For Archives, to Unsubscribe, Subscribe or=3D20 > > set Digest or Vacation mode use the below link: > > http://thethin.net/citrixlist.cfm > >=3D20 > ******************************************************** > This Week's Sponsor - Appsense Technologies > New! AppSense Optimizer is a new product from AppSense=3D20 > designed to increase the user capacity of your servers.=3D20 > http://www.appsense.com/ > ********************************************************** >=20 > For Archives, to Unsubscribe, Subscribe or=3D20 > set Digest or Vacation mode use the below link: > http://thethin.net/citrixlist.cfm > ******************************************************** > This Week's Sponsor - Appsense Technologies > New! AppSense Optimizer is a new product from AppSense=20 > designed to increase the user capacity of your servers.=20 > http://www.appsense.com/ > ********************************************************** >=20 > For Archives, to Unsubscribe, Subscribe or=20 > set Digest or Vacation mode use the below link: > http://thethin.net/citrixlist.cfm >=20 ******************************************************** This Week's Sponsor - Appsense Technologies New! AppSense Optimizer is a new product from AppSense=20 designed to increase the user capacity of your servers.=20 http://www.appsense.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - Appsense Technologies New! AppSense Optimizer is a new product from AppSense designed to increase the user capacity of your servers. http://www.appsense.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm