
LDAPS + NAT + Certificate

Hi there,

I want to publish our internal LDAP server (it's a novel one residing on let's say ldap.internal, correctly speaking ldaps) to the rest of the world. So I did a NAT-Forwarding as described elsewhere and everything works fine except for the certificate, because with NAT the internal certificate (for ldap.internal) is presented, which a) is not trusted by the public and b) does not match the hostname.

I know the possibility for Web-Server forwarding (Webserver Protection -> Web Application Firewall), but I guess, this will not work for LDAPS.

Is there another possibility to provide a different Certificate to the "outer world" for NATing LDAPS through UTM9?

 

Best regards and thanks for your help in advance...

 

Willi
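
The mismatch described in the post, as an added example that is not part of the original thread: a NAT rule only forwards packets, so the TLS session still ends on the internal server and the client checks that server's certificate against the public name it dialed. `ldap.example.com` is a placeholder public name, the certificate dict is constructed sample data in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the helper names are hypothetical.

```python
import ipaddress
import socket
import ssl

# Constructed sample: what the internal server would present (getpeercert() shape).
INTERNAL_CERT = {
    "subject": ((("commonName", "ldap.internal"),),),
    "subjectAltName": (("DNS", "ldap.internal"),),
}

def _name_match(pattern: str, host: str) -> bool:
    """Compare one certificate name to a host; '*' only as the whole leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in p:
        return p == h
    pl, hl = p.split("."), h.split(".")
    return pl[0] == "*" and len(pl) == len(hl) and len(pl) > 2 and pl[1:] == hl[1:]

def cert_matches(cert: dict, name: str) -> bool:
    """True if the certificate is valid for the name the client connected to."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    if ip is not None:  # clients dialing an IP need an iPAddress SAN
        return any(k == "IP Address" and v == str(ip) for k, v in sans)
    names = [v for k, v in sans if k == "DNS"]
    if not names:  # legacy fallback: subject CN only when no dNSName SAN exists
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return any(_name_match(n, name) for n in names)

def probe(address: str, name: str, port: int = 636) -> str:
    """Live check from outside: full chain and hostname validation, as a client does."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((address, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=name) as tls:
                return "ok: " + str(tls.getpeercert().get("subjectAltName"))
    except ssl.SSLCertVerificationError as exc:
        return "rejected: " + exc.verify_message
    except OSError as exc:
        return "unreachable: " + str(exc)

if __name__ == "__main__":
    for dialed in ("ldap.internal", "ldap.example.com"):
        print(dialed, "->", cert_matches(INTERNAL_CERT, dialed))
```

Running `probe()` against the published address with the public name reports both problems from the post in one step: an untrusted issuer or a hostname mismatch, whichever the client hits first.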



  • The real problem is that LDAP is not HTTP(s), so it will not flow through a WAF server.  Your usable options would be (1) configure SSL VPN logins for designated users, or (2) create a web page that converts the LDAP information into a web page, and publish the web page with WAF to some or all users.

    Assume that any information that you publish unsecured, or publish without 2-factor authentication, will be for sale on the dark web very quickly.   So be very careful what you make available.
