Allow remote access from the Internet to internal computers
Francisco
1.- I have an external company that must make changes frequently to their
application located in a server inside our organization.
That company downloads a copy of VNC locally whenever they must access their
application. But out TMG does not allow the remote connection.
Do I have to publish that server so that they can gives us support remotely
from the Internet? I have tried creating a new rule to allow port 3389
outbound but it does not help.
2.- In the report I have found an IP address which creates a lot more Http
traffic than the other 200 users, but the user`s name does not appear.
I am using AD for authentication but the clients´PCs are not in the domain
because it is a public college. The rest of the users´ names appear in the
report but not this one.(I do not know why)
How could I find out who is using that IP address? In the DHCP appears the
computer´s name but I need to know the user´s name to track his traffic and
restrict him from using so much bandwitdh
Jens Baier
> 1.- I have an external company that must make changes frequently to their
> application located in a server inside our organization.
> That company downloads a copy of VNC locally whenever they must access
> their
> application. But out TMG does not allow the remote connection.
> Do I have to publish that server so that they can gives us support
> remotely
> from the Internet? I have tried creating a new rule to allow port 3389
create Server Publishing rules for RDP / VNC but better for security reasons
use VPN!
> 2.- In the report I have found an IP address which creates a lot more Http
> traffic than the other 200 users, but the user`s name does not appear.
use a third party tool
http://www.collectivesoftware.com/Products/LogHostname
--
Gruss Jens
www.it-training-grote.de
www.forefront-tmg.de
https://mvp.support.microsoft.com/profile/Marc.Grote
http://blog.it-training-grote.de
Phillip Windell
"Francisco" <Fran...@discussions.microsoft.com> wrote in message
news:977CB9FD-0DBD-4447...@microsoft.com...
> TWO QUESTIONS:
> 1.- I have an external company that must make changes frequently to their
> application located in a server inside our organization.
> That company downloads a copy of VNC locally whenever they must access
> their
> application. But out TMG does not allow the remote connection.
> Do I have to publish that server so that they can gives us support
> remotely
> from the Internet? I have tried creating a new rule to allow port 3389
> outbound but it does not help.
Publishing VNC or using VPN works. But you might be better off if they
would use something more suitable than VNC,...like Logmein, GotoAssist, or
similar products that are more better designed for doing this. Then there
will be *no* work on your part as long as the machine has outbound
HTTP/HTTPS access anonymously. All the maintanence will fall on the
external company and not you. I know that logmein has the least amount of
issues getting through an ISA,...I have had problems with GoToAssist. The
problem with some of these is that they may use "port 80" but they don't use
truely RFC compliant HTTP when they communicate which causes them to get
dropped.
> 2.- In the report I have found an IP address which creates a lot more Http
> traffic than the other 200 users, but the user`s name does not appear.
> I am using AD for authentication but the clients´PCs are not in the
> domain
> because it is a public college. The rest of the users´ names appear in
> the
> report but not this one.(I do not know why)
> How could I find out who is using that IP address? In the DHCP appears the
> computer´s name but I need to know the user´s name to track his traffic
> and
> restrict him from using so much bandwitdh
You won't get user names without Authentication and without using either the
Web Proxy or Firewall Service.
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------