Encrypted RPC and firewalling
Matthew Huff
mhuff at ox.com
Thu Nov 10 13:38:35 UTC 2011
Also, most enterprises that support Exchange remote access use RPC over HTTPS, which is encrypted and easy to allow on the firewall.
----
Matthew Huff | 1 Manhattanville Rd
Director of Operations | Purchase, NY 10577
OTA Management LLC | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-460-4139
> -----Original Message-----
> From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
> Sent: Thursday, November 10, 2011 7:51 AM
> To: Lasse Birnbaum Jensen
> Cc: nanog at nanog.org
> Subject: Re: Encrypted RPC and firewalling
>
> On Thu, 10 Nov 2011 09:56:51 +0100, Lasse Birnbaum Jensen said:
> > I would like to know how you guys handle encrypted rpc across
> > firewalls.
>
> You can always just set the firewall to ban RPC in general, whether or
> not it's encrypted (while you're there, close off ports 137-139 and
> other chucklehead stuff like that), and just make the user who's
> outside the firewall VPN in. That's a nice, simple, well-understood
> configuration that almost all software and even most users can handle.
>
> (We don't actually do a big monolithic firewall box - but pretty much
> everything has an iptables ruleset loaded that says "if your source IP
> isn't inside our 2 /16s, your packets go bye bye". And there's a nice
> PPTP-based VPN solution in place that even a humanities professor
> emeritus can use ;)
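
The per-host source filter described in the quoted reply, sketched as an added example that is not part of the original messages. The two /16 prefixes and the chain name INSIDE_ONLY are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. The prefixes below are constructed
# placeholders standing in for "our 2 /16s".
INSIDE_NETS="10.1.0.0/16 10.2.0.0/16"

# Print an iptables-restore ruleset that drops any packet whose source is
# outside $INSIDE_NETS. Returns 1 with no output if an entry is not an IPv4 /16.
gen_ruleset() {
    for net in $INSIDE_NETS; do
        printf '%s\n' "$net" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/16$' || return 1
    done
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        ':INSIDE_ONLY - [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -j INSIDE_ONLY'
    # "! -s" takes a single prefix, so two allowed ranges need a chain:
    # RETURN on each match, DROP whatever falls through.
    for net in $INSIDE_NETS; do
        printf '%s\n' "-A INSIDE_ONLY -s $net -j RETURN"
    done
    printf '%s\n' '-A INSIDE_ONLY -j DROP' 'COMMIT'
}

# Syntax-check before loading (needs root):
#   gen_ruleset | iptables-restore --test
```

Read literally, this also drops return traffic from outside hosts, since those packets carry an outside source address.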