Hello, I am configuring 2X on my network and my goal, beside allow access to my terminal servers from the local network, is to publish them for outside clients through the Web Portal (ssl 443). Actually, i have questions about how to configure my frontal server. I'm using the following architecture as shown on the next picture. The Gateway 1 is behind a firewall, on a different VLAN, so different subnetwork (ie DMZ) than the Gateway 2, which is a member of my MS domain. The Gateway 1 is not a member of the MS domain, it's an independent server running windows 2008 R2. My problem is that i cannot use the domain users to log on the WebPortal because the server is not a member of the domain. Do i have a solution to allow the outside users to log on the 2x web portal with their domain credentials other than add the server as a domain member ? I wanna keep a good security : Gateway is not on my LAN ip subnet, if possible, not a member of the domain. Does 2X allow to redirect credentials to the Web Portal ? if yes how ? Please advice me about how to secure it the best, i'm lost. Thanks a lot.
Hi there, a secure infrastructure doesn't requires necessarly to have a group of user not member of the domain. Please check this out: - It shows an overview an uses as an example a DMZ (http://www.2x.com/solutions/images/Port_Reference.jpg) - There is also a good example for using a DMZ (http://www.2x.com/solutions/ - High Availability with a dual firewall DMZ) It might work when you set up the external user local on the machine where the 2xAS/2xVDS is installed and also on the TSs. Kind regards,
Hi gs, I've checked out that architecture : But the picture doesn't indicate if the server hosting the web portal and the secure client gateway needs to be a member of the domain but it seems completly obvious. So, i'll follow your instructions by adding it as a member of my domain. Setting up all the external users (around 60) and maintening that is too fastidious. Thank you. Best regards, Guillaume
