[isalist] 2 be or not 2 be?

  • From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 4 May 2006 13:02:06 -0400

Hi everyone, remember me??  :)
 
I am sure these guys before me who are Russian had good intentions when they 
put this network together but they sure as hell messed it up. :(
 
For starters, the web site which has SSL has been plagued with issues, one of 
which is that from the web side, when you access the managers' site and click 
on their real-time Java application, it opens a window and Java starts up but 
then the applet shows a red X. If you open the site locally on the LAN side and 
go to the managers' site (not using SSL) and open real-time, the applet works 
without any issues.
 
Next, they have Apache on the DMZ taking HTTP of the site and converting it to 
HTTPS (the certs are stored on the Linux box and there aren't any certs 
installed on IIS or Exchange) and are also redirecting URL requests on the site 
to the actual application server, which runs on the LAN side on Windows 2003 
Server as 192.168.1.10:8082. If I HTTP locally to the full URL with port number 
I get "page can not be displayed", plus to top it off the site works perfectly 
except for the Exchange link because it's not pointed right on the LAN side 
without the SSL or redirecting the pages to port 8082.
 
So my question now is, as I am going through this lame WatchGuard firewall 
looking at their rules, I notice they block a gazillion IP addresses and 
ranges from SMTP. Then, to make it more archaic, because the SMTP and IMAP come 
into the second Linux box on the DMZ then pass through to the Exchange server 
(and, funny, Exchange passes SMTP back to the Linux box), they also block the 
same gazillion IP addresses and ranges between the Linux box and the Exchange 
server. I am wondering if I should also port the IPs into ISA into one rule or 
add them to IMF, which I am going to install for them once ISA is ready to go?
 
Can someone tell me if there is a cheaper SSL service on the net? Their only 
SSL cert currently is hosted by Network Solutions, and ideally I am thinking, 
since they don't transfer any confidential information when clients log in, such 
as credit card numbers etc., that if I can't find a cheaper SSL cert service I 
request NS to reissue the cert as owa.domain.com so I can then apply it to the 
OWA Exchange site, keeping the stock site as HTTP, and maybe do RPC over HTTP 
for them since they have salespeople on the road with notebooks.
 
FYI, I am racist in anyway when it comes to Russians I find it very funny that 
ones I have met over the years or heard about think more about job security 
than they do about doing the job right. I am sure there are a lot of hard 
working Russian people out there who are honest!
 
Regards,
Andrew
