Hi there, Currently I have all my 2X infrastructure open to the LAN and VPN, but plan to open it to the WAN. What is the best way to do it? Should I add a gateway to the DMZ? How will the gateway authenticate the users then? Does it need to be a member of the AD domain? Thanks
At present the 2X Secure Gateway does not authenticate users; it provides a tunnel from which 2X Client access to published resources is allowed. The 2X Publishing Agent service is the service which authenticates, so in a DMZ you would deploy the publishing agent within Active Directory, and have the 2X Secure Client gateway within the DMZ.
Hi Andrews, If it does not perform any authentication, and tunnels all traffic to the Publishing Agent, does it improve my security in any way to keep a gateway on the DMZ? Thanks
The 2X Secure Gateway does NOT tunnel all the traffic to the 2X Publishing Agent; it merely uses it for authentication. Take a look at the DMZ solution over at http://www.2x.com/solutions/ for an idea of a suggested DMZ setup. Keeping the gateway in the DMZ allows you fine-grained control to decide (at the network layer) to whom the gateway is allowed to connect, thereby protecting any other services that are not in the DMZ.