January 7th, 2011 01:00

Can you use https for web access without using the SSL gateway?

The title says it all really... can you use https for web access without using the SSL gateway?

If so, how would this work if these services were co-hosted, as both could not listen on port 443? Would I need to use separate IP addresses bound to the same NIC?

January 7th, 2011 06:00

Hi Matthew,

Yes you can. Just enable SSL on your Web-Access server and use a certificate.

- Dennis

January 7th, 2011 08:00

Thanks Andrew


If the "secured" Web Access and the SSL gateway are co-hosted, do you need to have separate IP addresses (and FQDNs) for the Web Access and SSL gateway bound to the same NIC to avoid:


a) both services listening on the same IP address and port

b) the same internal and external Web Access URLs under Firewall/SSL VPN in the Web Access Management Console

c) the same local and destination IP address and port under Web Interface Proxy in the Secure-IT control panel applet

January 7th, 2011 08:00

Thanks Dennis

Where exactly would I enable this? I have checked the Admin and Web Access guides and they only seem to talk about using the SSL gateway to do this.

January 7th, 2011 08:00

Dennis means if you don't want to use our SSL Gateway, you can secure IIS using the standard MS way:

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/56bdf977-14f8-4867-9c51-34c346d48b04.mspx?mfr=true

January 7th, 2011 09:00

Matthew, I own that case within Support and have already provided full instructions on how to do what you need to do.

It's actually really simple.

Leave both the Web and RDP secured by the SSL Gateway and then use the Custom Address translation list to make the subset of Users not use RDP over SSL.

If you PM me your number I'll give you a call and take you through it.

Thanks.

January 7th, 2011 09:00

Hello Matthew,

You cannot run both (Web Access secured by SSL and SSL Gateway on the same server with only one IP address and both using port 443). This is also not recommended.

Normally the SSL Gateway server will be placed in the DMZ and the Web Access server in the production network. (So you are using two separate servers.)

I never tried it with 2 IP addresses because it's not logical in my opinion. But from a technical perspective it could work.

- Dennis

January 7th, 2011 09:00

Hi Dennis - how exactly would this work? How would the OS know which service to route packets arriving at port 443 to?

We have the situation whereby a subset of users using our SSL gateway/Web Access server are experiencing issues and Quest Support have recommended we segregate these users and have them bypass the SSL gateway.
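As an added illustration (not part of any post in this thread, and not product code): a TCP listener is identified by its (IP address, port) pair, so two services can share a port on one host when each binds a different address, while a second bind to the same pair, or a bind to all addresses, is refused. The sketch assumes Linux, where every 127.0.0.0/8 address is local; the two loopback addresses, the ephemeral port standing in for 443, and the service labels are all constructed.

```python
import errno
import select
import socket

def listen(ip, port):
    """Open a TCP listener bound to exactly one (ip, port) pair."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((ip, port))
        s.listen(1)
    except OSError:
        s.close()
        raise
    return s

def bind_error(ip, port):
    """Return the errno name if (ip, port) cannot be bound, else None."""
    try:
        listen(ip, port).close()
        return None
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))

def who_answers(services, ip, port):
    """Connect to (ip, port); return the names of listeners that got it."""
    with socket.create_connection((ip, port), timeout=2):
        ready, _, _ = select.select(list(services), [], [], 2)
        for s in ready:
            s.accept()[0].close()
    return [services[s] for s in ready]

def demo():
    # Constructed stand-ins: two loopback IPs play two addresses on one NIC.
    gateway = listen("127.0.0.1", 0)          # port 0: kernel picks a free port
    port = gateway.getsockname()[1]
    web = listen("127.0.0.2", port)           # same port, different IP: allowed
    services = {gateway: "ssl-gateway", web: "web-access-https"}
    try:
        return {
            "to_127.0.0.1": who_answers(services, "127.0.0.1", port),
            "to_127.0.0.2": who_answers(services, "127.0.0.2", port),
            "second_bind_same_ip": bind_error("127.0.0.1", port),
            "wildcard_bind": bind_error("0.0.0.0", port),
        }
    finally:
        for s in services:
            s.close()

if __name__ == "__main__":
    print(demo())
```

The wildcard result is the practical caveat: if either co-hosted service binds all addresses rather than its own IP, adding a second address to the NIC does not remove the port conflict.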

January 7th, 2011 09:00

Hello,

Yes, I believe you would if the Web is secured via IIS but RDP is still secured via the SSL Gateway.

In this circumstance, I'd definitely use the SSL Gateway to secure both RDP and the Website as this would only require the 1 IP and Cert.

Unless there is a reason you don't want to do this?

Kind Regards, Andrew.

January 7th, 2011 10:00

Hello Matthew,

Maybe in your scenario it's better to use two different web access servers.

1 for connections from outside your network: Connect to the SSL Gateway server, which forwards you to web access server 1 running on HTTP.

and

1 for connections from inside your network: Connect to web access server 2 running over SSL, so this web access server cannot be contacted from outside your network and you are not using the SSL Gateway server for that.

- Dennis
