[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Allow nbsession via firewall
Tim, Thanks!... I agree with your answers,... but what can I do if ExChange 2000 require it, in it Front-end & Back-end Topology, in order to allow access to ExChange from the Internet ?. Thanks, Arie Gilboa ----- Original Message ----- Subject: RE: [FW1] Allow nbsession via firewall > Arie, > > You really don't want to enable NBT from your DMZ inbound or a compromised > host on your DMZ will be able to connect to internal hosts which is a major > security host > > Try to keep all connections one way, eg > > Internal network -> DMZ Network > DMZ Network -> Internet > > Obviously you will need exceptions - eg inbound e-mail, in which case ensure > that you make the rule point to point (host A to host B only) and service > specific - ie only SMTP. > > What are you trying to fix with NBT inbound ? > - Can you grab the files from the DMZ using an internal host instead > ? > > Regards > > Tim > -----Original Message----- > From: Arie Gilboa [mailto:[email protected]] > Sent: 07 January 2001 09:59 > To: [email protected] > Subject: [FW1] Allow nbsession via firewall > > > > Hello !, > > I would like to ask how risky is to allow nbsession (139) access from DMZ to > Internal network ?. > Is there any way to avoid it ? > > Thanks, > Arie Gilboa > > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|