Guys,
I think an easy one :)
I have this setup:
1. DMZ
2. CAG in DMZ eth0 DMZ and eth1 LAN
3. WI, XenApp in the LAN
Authentication happens at CAG not WI.
I just need to know/understand what firewall ports need to be opened in the above scenario and from what port the traffic flows from DMZ to LAN.
Should it be:
1. External to DMZ - 443/80 (in and out)
2. DMZ to LAN FROM eth1 : ICA, session reliability, LDAP, RADIUS, etc both ways (in and out)
or:
1. External to DMZ - 443/80
2. And then nothing to LAN from eth0 as all traffic in the CAG flows from eth0 to eth1 and then to LAN (at which point it looks like traffic comes from CAG in the LAN).
or maybe I need like scenario 1 above and only open the port FROM LAN to DMZ? (and both directions).
I just need to understand what needs to be opened, which direction and from which segment for LAN or NIC for CAG so I don't open up ports that are not needed.
Thanks
Which model CAG do you have?
In scenario 1, where you are dual-armed, the only firewall rule you need is to allow the public to the CAG; all internal traffic will route through eth1.
If you don't wish to dual-arm, you will need firewall rules, but which ones will be completely dependent on your configuration.
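As an added illustration (not code from either poster), here is what the dual-armed answer above looks like as a perimeter firewall ruleset in iptables syntax. The interface names (wan0, dmz0, lan0), the CAG's DMZ address 192.0.2.10 and the LAN range 10.0.0.0/8 are assumptions chosen for the example. The script only prints the rules so it can be reviewed before being piped to a shell on the firewall; the single NEW-state ACCEPT is the public-to-CAG HTTPS rule, and the DMZ-to-LAN direction is explicitly dropped because the CAG reaches the LAN through its own eth1 rather than through the firewall.

```shell
#!/bin/sh
# Added example: iptables rules for a firewall in front of a dual-armed CAG.
# All addresses and interface names below are hypothetical placeholders.
CAG_DMZ_IP="192.0.2.10"     # CAG eth0 address on the DMZ segment (assumed)
DMZ_NET="192.0.2.0/24"      # DMZ segment (assumed)
LAN_NET="10.0.0.0/8"        # internal LAN (assumed)
WAN_IF="wan0"               # firewall interface facing the Internet (assumed)
DMZ_IF="dmz0"               # firewall interface facing the DMZ (assumed)
LAN_IF="lan0"               # firewall interface facing the LAN (assumed)

# Print the FORWARD-chain policy. Nothing is applied here; pipe into sh on
# the firewall once the output has been reviewed.
cag_firewall_rules() {
  cat <<EOF
# Default deny for everything the firewall forwards between segments.
iptables -P FORWARD DROP
# Allow return traffic for connections the rules below permitted.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Public -> CAG on HTTPS only. Port 80 is left closed; open it only if the
# CAG is configured to redirect HTTP to HTTPS.
iptables -A FORWARD -i ${WAN_IF} -o ${DMZ_IF} -d ${CAG_DMZ_IP} -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# DMZ -> LAN: nothing. The dual-armed CAG talks to WI/XenApp/LDAP/RADIUS
# through its eth1, which sits on the LAN, so the firewall never needs to
# forward DMZ-originated traffic into the LAN.
iptables -A FORWARD -i ${DMZ_IF} -o ${LAN_IF} -s ${DMZ_NET} -d ${LAN_NET} -j DROP
EOF
}

# Sanity check used before applying: exactly one rule should admit new
# connections, and it must be the public-to-CAG HTTPS rule.
count_new_accepts() {
  cag_firewall_rules | grep -c -- '--ctstate NEW -j ACCEPT'
}

# True (exit 0) when no rule forwards anything out of the LAN-facing
# interface with an ACCEPT target, i.e. DMZ->LAN stays closed.
lan_forward_closed() {
  if cag_firewall_rules | grep -- "-o ${LAN_IF}" | grep -q -- '-j ACCEPT'; then
    return 1
  fi
  return 0
}

# Usage: review the rules, then apply them on the firewall host.
#   sh this_script.sh          (prints the rules)
#   sh this_script.sh | sh     (applies them; run as root on the firewall)
cag_firewall_rules
```

The deny rule for DMZ to LAN is redundant under a default-drop policy, but writing it out makes the intended direction of the flows visible in the ruleset and in the counters, which helps when auditing later changes.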