[THIN] Re: NFUSE and NAT

• From: "Jensen, Jay" <jjensen@xxxxxxxxx>
• To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
• Date: Thu, 8 May 2003 09:35:57 -0500

Sorry if I am mistaken but I do not do any of the security and I depend on
others for this environment.  I was told by a person that is engineering our
Secure Gateway that for the STA server that should be used is a 3rd party
secure server external to the company and that external company would act as
our Certificate Authority server.  From what they explained to me that this
CA server would act as my Secure Ticket Authority.  

IF they are giving me an incorrect engineered environment, I need to
understand what that may be so I can question their solution.  That is the
basis of my question.  I have my doubts that this is the right approach.
From what you just told me it sounds like their engineered method will not
work.  

Is this correct?

Thanks again. 
Jay

-----Original Message-----
From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
Sent: Thursday, May 08, 2003 9:27 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: NFUSE and NAT



Jay, I'm not sure I understand.  Your STA is a machine, usually internal,
that handles the authentication steps.  It has the STA piece of Secure
Gateway installed.  If what you are asking about is the secure
certificate(s) needed, then that is a whole different ballgame.  We generate
our own, but it does cause problems.  They are no more or less secure than
any other 128bit certificate, but you have to have your root added as a
Trusted Root CA on every client machine.  In some cases that is a real pain.
Had I the chance to do it over again, I might choose a different route and
just cough up the cash.

-Paul

> ----------
> From:         Jensen, Jay[SMTP:jjensen@xxxxxxxxx]
> Reply To:     thin@xxxxxxxxxxxxx
> Sent:         Thursday, May 08, 2003 10:22 AM
> To:   'thin@xxxxxxxxxxxxx'
> Subject:      [THIN] Re: NFUSE and NAT
> 
> 
> This a question for all of you.  
> 
> In the Citrix Secure Gateway environment, a question came up that I would
> like your expert opinions. An assumption is that we have a secure external
> firewall, DMZ, and secure internal firewall.
> 
> The Secure Ticket Authority (STA).  Is it more secure to install your own
> internal STA server versus using a 3rd-Party Certificate Authority from an
> external secure CA? 
> 
> What are the arguments either way?
> 
> Thanks in advance. 
> Jay
> 
> -----Original Message-----
> From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
> Sent: Thursday, May 08, 2003 9:03 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: NFUSE and NAT
> 
> 
> 
> Sure, you will just need to use the ALTADDR for the MF servers.
> 
> -Paul
> 
> > ----------
> > From:       Trygve Ryslett[SMTP:trygve.ryslett@xxxxxxx]
> > Reply To:   thin@xxxxxxxxxxxxx
> > Sent:       Thursday, May 08, 2003 10:00 AM
> > To:         thin@xxxxxxxxxxxxx
> > Subject:    [THIN] NFUSE and NAT
> > 
> > 
> > Is this possible ? How ?
> > The firm have a Cisco router with NAT, and wants to be able to reach the
> > NFUSE/MF servers over NAT connection via router..
> > 
> > 
> > 
> > Trygve
> > 
> > ********************************************************
> > This Week's Sponsor - Emergent Online
> > EOL's Universal Printer new Features include:
> > Network Printing, Pagestreaming, 2400 DPI.
> > No Client Software Required!
> > http://www.go-eol.com/
> > **********************************************************
> > 
> > For Archives, to Unsubscribe, Subscribe or 
> > set Digest or Vacation mode use the below link:
> > http://thethin.net/citrixlist.cfm
> > 
> ********************************************************
> This Week's Sponsor - Emergent Online
> EOL's Universal Printer new Features include:
> Network Printing, Pagestreaming, 2400 DPI.
> No Client Software Required!
> http://www.go-eol.com/
> **********************************************************
> 
> For Archives, to Unsubscribe, Subscribe or 
> set Digest or Vacation mode use the below link:
> http://thethin.net/citrixlist.cfm
> ********************************************************
> This Week's Sponsor - Emergent Online
> EOL's Universal Printer new Features include:
> Network Printing, Pagestreaming, 2400 DPI.
> No Client Software Required!
> http://www.go-eol.com/
> **********************************************************
> 
> For Archives, to Unsubscribe, Subscribe or 
> set Digest or Vacation mode use the below link:
> http://thethin.net/citrixlist.cfm
> 
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

• Follow-Ups:
  • [THIN] Re: NFUSE and NAT
    • From: Carlos Sanabria

Other related posts:

• » [THIN] NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT
• » [THIN] Re: NFUSE and NAT

1. Home
2. thin
3. Archive
4. 05-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---