Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 2433 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protecting Internet Facing Servers in a Perimeter network

Chunk

Hi All,

first post so go easy on me :smileywink: 

My set up is this:

Enterprise Console v4 running on a LAN server, I have 2 Win2k3 servers in a perimeter network (hardware firewall) and would like to manage and protect them using the Enterprise console.

The 2 Perimeter network servers are not Domain members.

I have checked the Sophos knowledge based article 50832 and understand the port requirements but as the article states: "it is it is beyond the scope of this article to give recommendations on hosting internet facing services, and securing Microsoft Windows servers for use in a DMZ"

Anybody have any experience of this? What do I need to do in terms of allowing access from the LAN to the Perimeter on the firewall to enable the Enterprise Console to firstly see a non-domain machine and then protect it?

Also we are part way through implementing Microsoft ISA 2006 - any guidance or experience of setting up ISA for Perimeter networks and Sophos?

Thanks in advance :smileyhappy:

Regards

Chunk

:1572


This thread was automatically locked due to age.
Parents
  • 0

    Hi Christian,

    first off, many thanks for your reply, when you come up against a brick wall on the knowledge base it's good to know the 'community' support is working well.

    Seeing as it sounds a big deal to allow the Perimeter servers to be managed fully by the SEC I reckon your suggestion of installing from a copy of the CID and pointing them to update directly from Sophos is the most practical

    Cheers for pointing me in the direction of the kb article regarding the necessary ports for Sophos applications, had come across it before but was 'concerned' about the NetBIOS coming in from the DMZ to the LAN.

    Thanks again!

    Best regards

    Chunk

    :1582
Reply
  • 0

    Hi Christian,

    first off, many thanks for your reply, when you come up against a brick wall on the knowledge base it's good to know the 'community' support is working well.

    Seeing as it sounds a big deal to allow the Perimeter servers to be managed fully by the SEC I reckon your suggestion of installing from a copy of the CID and pointing them to update directly from Sophos is the most practical

    Cheers for pointing me in the direction of the kb article regarding the necessary ports for Sophos applications, had come across it before but was 'concerned' about the NetBIOS coming in from the DMZ to the LAN.

    Thanks again!

    Best regards

    Chunk

    :1582
Children
No Data