WAN Access

Discussion in 'Parallels Remote Application Server' started by ricdgr, Oct 31, 2013.

  1. ricdgr

    ricdgr Member

    Messages:
    49
    Hi there,

    Currently I have all my 2X infrastructure open to the LAN and VPN, but plan to open it to the WAN.
    What is the best way to do it? Should I add a gateway to the DMZ? How will the gateway authenticate the users then? Does it need to be a member of AD domain?

    Thanks
     
  2. andrews8

    andrews8 Hunter

    Messages:
    166
    At present the 2X Secure gateway does not authenticate users, it provides a tunnel from which 2X Client access to published resources is allowed. The 2X Publishing Agent service is the service which authenticates, so in a DMZ you would deploy the publishing agent within Active Directory, and have the 2X Secure Client gateway within the DMZ.
     
  3. ricdgr

    ricdgr Member

    Messages:
    49
    Hi Andrews,

    If it does not perform any authentication, and tunnels all traffic to the Publishing Agent, does it improve my security in any way to keep a gateway on the DMZ?

    Thanks
     
  4. jpc

    jpc Pro

    Messages:
    446
    The 2X Secure Gateway does NOT tunnel all the traffic to the 2X Publishing Agent, it merely uses it for authentication.
    Take a look at the DMZ solution over at http://www.2x.com/solutions/ for an idea of a suggested DMZ setup.

    Keeping the gateway in the DMZ allows you fine-grained control to decide (at the network layer) to whom the gateway is allowed to connect thereby protecting any other services that are not in the DMZ.
     
  5. vkeven

    vkeven Bit poster

    Messages:
    5
    You should use only SSL mode if security is a concern
     

Share This Page