Direct Access Behind Fortinet c300
-
Sunday, January 06, 2013 2:35 PM
Hi
I am looking for a guide to deploy Direct Access 2012 behind a (Fortinet) firewall.
I do not want Direct Access to be in the corporate net, but in the DMZ with two NICs.
Unfortunately, I could only find guides placing Direct Access inside the corporate LAN.
Where can I find documentation for placing Direct Access behind NAT but not inside the LAN?
All Replies
-
Monday, January 07, 2013 12:45 PM
There's a deployment guide for DA using Server 2012 at http://technet.microsoft.com/en-us/library/jj574167.aspx
What kind of firewall you have is not really of interest as long as it supports the needed protocols for DA (see step 1 in the above link). What is not clear to me from the above is your exact requirements. My assumption from the above description is the following:
Internet - Ext Firewall - DA Server - Int Firewall - Internal network
- Ext Firewall must support the desired protocols (could be just SSL).
- Int Firewall must support domain membership for the DA Server. This is a requirement - the DA server has to be a member of the internal domain.
- Int Firewall must allow the needed traffic for all apps accessed by the users.
Out of curiosity, what is it that stops you from deploying the DA Server with one leg on the internal network? Any technical/security reason?
Hth, Anders Janson Enfo Zipper
- Marked As Answer by AmitBernstein Tuesday, January 08, 2013 1:58 PM
-
Tuesday, January 08, 2013 2:01 PM
Hi
I do not believe so much in a one-leg configuration, for security issues.
Omer

