
DMZ Configuration with Access Manager

Novell Cool Solutions: Tip
By Ben Walter


Posted: 30 May 2007
 

Problem

A Forum reader recently asked:

"I am setting up NAM in the lab, with the configuration of the Identity Server and Access Gateway in the DMZ. I am not experienced in this type of setup, since we currently have iChain on the inside of the network, so this is going to be a completely different setup.

The IDP server in the illustration of the "Setting Up Firewalls" section of the setup guide appears to have TWO NICs, and the Access Gateway appears to be set up that way. Or is this illustration indicating that the IDP server has a hole in the firewall to communicate with the LDAP server, and a hole in the firewall to communicate with the Administration Console? I assume the LAG has to have two NICs, one for outside communication and the other for reverse proxies - correct?"

And here's the response from Ben Walter ...

Solution

You could use physical interfaces to do the segregation, but it'd be easier and cheaper to have the firewall doing all the port routing and restrictions.

I've placed an extremely handy image at this URL:

http://resources.wlg-novell.co.nz/products/NAM3/AM3_Traffic.gif

It shows most of the ports used between AM3 components.
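The answer above recommends a single-interface layout where the firewall, not extra NICs, restricts which DMZ component may reach which internal service. The following added example (not code from the original tip or from Novell) models that design as an explicit allow-list for the components named in the thread and audits constructed connection records against it; the zone layout is assumed, and the Administration Console port is a placeholder, while 636 and 443 are the standard LDAPS and HTTPS ports.

```python
LDAPS_PORT = 636   # standard LDAPS port
HTTPS_PORT = 443   # browser traffic to the DMZ components
ADMIN_PORT = 8443  # ASSUMPTION: placeholder for the Administration Console port

ZONE = {"internet": "external", "access-gateway": "dmz", "identity-server": "dmz",
        "ldap": "internal", "admin-console": "internal"}  # assumed lab layout

# The only (src, dst, port) flows the firewall permits; anything else is dropped and logged.
ALLOWED = {
    ("internet", "access-gateway", HTTPS_PORT),
    ("internet", "identity-server", HTTPS_PORT),
    ("access-gateway", "identity-server", HTTPS_PORT),
    ("identity-server", "ldap", LDAPS_PORT),
    ("identity-server", "admin-console", ADMIN_PORT),
    ("access-gateway", "admin-console", ADMIN_PORT),
}

def is_allowed(src, dst, port):
    """Default-deny: a flow passes only if it is explicitly on the allow-list."""
    return (src, dst, port) in ALLOWED

def parse_record(line):
    """Constructed record format: '<src> -> <dst>:<port>'."""
    src, rest = line.split(" -> ")
    dst, port = rest.rsplit(":", 1)
    return src.strip(), dst.strip(), int(port)

def audit(lines):
    """Return (src, dst, port, zone_path) for every record the allow-list would deny."""
    denied = []
    for line in lines:
        src, dst, port = parse_record(line)
        if not is_allowed(src, dst, port):
            path = f"{ZONE.get(src, '?')}->{ZONE.get(dst, '?')}"
            denied.append((src, dst, port, path))
    return denied

SAMPLE_LOG = [  # constructed sample records
    "internet -> access-gateway:443",
    "identity-server -> ldap:636",
    "identity-server -> ldap:389",      # plaintext LDAP is not on the allow-list
    "internet -> admin-console:8443",   # external host reaching into the internal zone
    "access-gateway -> ldap:636",       # the LAG is not permitted to reach LDAP directly
]

if __name__ == "__main__":
    for src, dst, port, path in audit(SAMPLE_LOG):
        print(f"DENY {src} -> {dst}:{port} ({path})")
```

Replace the placeholder ports with the values from the AM3 traffic diagram linked above before using the allow-list to review real firewall logs.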


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell