
Gwia to DMZ


Mike McCarron

Jan 29, 2004, 2:21:20 PM
My GWIA is presently inside my Firewall. I was thinking of creating a
secondary domain in the DMZ and putting the GWIA and WebAccess in that
domain and have them communicating with the Primary via MTAs. Will
this work? Anyone see any problems with this? Do you know the ports
that have to be open to make this work? Using 6.5

Mike McCarron

Massimo Rosen

Jan 29, 2004, 4:23:41 PM
Hi,

Mike McCarron wrote:
>
> My GWIA is presently inside my Firewall. I was thinking of creating a
> secondary domain in the DMZ and putting the GWIA and WebAccess in that
> domain and have them communicating with the Primary via MTAs. Will
> this work?

Yes.

> Anyone see any problems with this?

If you want this really secure, you need to have the server in a
different tree. If you plan to synchronize your NDS through the DMZ
firewall, you can as well scratch the DMZ idea completely.
Apart from that, if your GWIA is used for POP3 or IMAP, you have to make
sure the GWIA can reach each POA.

> Do you know the ports
> that have to be open to make this work? Using 6.5

Well, they are freely configurable, so only you can answer that finally.
But the default port for the MTA is 7100.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

Mike McCarron

Jan 30, 2004, 1:59:35 PM
Hi,

Thanks for the info. Didn't quite understand the following:

"If you plan to synchronize your NDS through the DMZ
firewall, you can as well scratch the DMZ idea completely."

Are you suggesting that instead of a secondary domain that I set up a
new NDS tree with a new GW system and link them "external"?

Hadn't even thought of updating the NDS yet through the firewall. What
ports does NDS communicate through?

Mike McCarron

Massimo Rosen

Feb 2, 2004, 5:44:39 AM
Hi,

Mike McCarron wrote:
>
> Hi,
>
> Thanks for the info. Didn't quite understand the following:
>
> "If you plan to synchronize your NDS through the DMZ
> firewall, you can as well scratch the DMZ idea completely."
>
> Are you suggesting that instead of a secondary domain that I set up a
> new NDS tree with a new GW system and link them "external"?

No. You can still have a secondary domain, domains in GW don't need to
be in the same eDir tree.



> Hadn't even thought of updating the NDS yet through the firewall. What
> ports does NDS communicate through?

TCP 524. If you need SLP, TCP 427 additionally.

CU,
--
Massimo Rosen
Novell Support Connection Sysop
