Solved

Is there a way to forward Port 443 SSL to more than one device on a Symantec Gateway 320 Firewall?

Posted on 2008-10-28
Last Modified: 2012-05-05
What do you do with this firewall if you have to assign a port forwarding rule to more than one host/server? It doesn't seem possible. I get "service may not be enabled for more than one rule". There must be a workaround... anyone have any suggestions?

Specifically, I want to leave Outlook Web Access/Exchange running on port 443 but also would like to host a VPN concentrator using the same port. Am I just out of luck with this firewall?

Question by:philodendrin
4 Comments
 

Accepted Solution

by:
Kaddict earned 500 total points
From what I know, trying to forward a port to two computers is like trying to send a tennis ball to two different players in two different directions... sounds quite impossible.

Sorry if I'm right.

-kaddict

Expert Comment

by:Kaddict
If anyone else could confirm that it is completely impossible, I'd be happy.

Of course you could have two servers running on your LAN and listening on 443, but on the Internet side, both will not be able to be accessible through 443. You need to bind, for example, (443 from Internet) to (443 on the web server) and (444 from Internet) to (443 on the router which needs the 443 port).

Hope it helps,

kaddict

Author Comment

by:philodendrin
That is what I assumed as well.

I think, in theory, the way to do this would be to have a separate public IP address point to either OWA or the VPN concentrator. In other words, use more than one Static IP and firewall. But I'm very fuzzy on how to put this into practice... wouldn't I need a second NIC in the mail server going to a separate firewall or one dual WAN firewall? Or, the VPN concentrator on a separate public IP?... but, from there I don't know how I'd link the device to the local LAN.

A little more background... What we have now is a T-1 with multiple static IP addresses. We're only using one IP on our Symantec firewall for PPTP VPN (configured on a Windows 2003 file server) and OWA (on a separate Exchange 2003 server). What the client wants is a device that will allow them to connect remotely without having to configure VPN - so, some sort of clientless VPN device like the Netgear SSL312 VPN Concentrator. My problem is that I'm unsure how to integrate it into the existing LAN without stepping on OWA and Windows Mobile... since it'll want to use port 443.



Expert Comment

by:Kaddict
True. More than 1 public IP, and a lot of work, could make this possible :)

Good luck!

-kaddict
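
Added example (not part of the thread or of any participant's post): a small Python model of a port-forward table, showing why one public IP and port can map to only one internal host, and how the two workarounds discussed above (a different public port, or a second public IP) avoid the collision. The `ForwardTable` class and all addresses are constructed for illustration, and the Symantec firewall's internal rule model is an assumption.

```python
# Added illustration: minimal port-forward (DNAT) table; all addresses are constructed.
from typing import Dict, Optional, Tuple

Key = Tuple[str, str, int]   # (public IP, protocol, public port)
Target = Tuple[str, int]     # (internal IP, internal port)

OWA = ("192.168.1.10", 443)  # constructed: Exchange/OWA server
VPN = ("192.168.1.20", 443)  # constructed: SSL VPN appliance


class ForwardTable:
    def __init__(self) -> None:
        self.rules: Dict[Key, Target] = {}

    def add(self, pub_ip: str, proto: str, pub_port: int, target: Target) -> None:
        key = (pub_ip, proto, pub_port)
        if key in self.rules:
            # Assumed condition behind the firewall's "more than one rule" error.
            raise ValueError(f"{key} already forwards to {self.rules[key]}")
        self.rules[key] = target

    def route(self, dst_ip: str, proto: str, dst_port: int) -> Optional[Target]:
        # The lookup uses only destination IP, protocol and port.
        return self.rules.get((dst_ip, proto, dst_port))


def single_ip_same_port() -> bool:
    """True if a second rule for the same public IP and port is rejected."""
    t = ForwardTable()
    t.add("203.0.113.10", "tcp", 443, OWA)
    try:
        t.add("203.0.113.10", "tcp", 443, VPN)
    except ValueError:
        return True
    return False


def alternate_port() -> ForwardTable:
    t = ForwardTable()
    t.add("203.0.113.10", "tcp", 443, OWA)
    t.add("203.0.113.10", "tcp", 444, VPN)  # public 444 -> appliance's 443
    return t


def second_public_ip() -> ForwardTable:
    t = ForwardTable()
    t.add("203.0.113.10", "tcp", 443, OWA)
    t.add("203.0.113.11", "tcp", 443, VPN)  # second static IP, same port
    return t
```

With the alternate-port layout, remote users have to include the non-standard port in the URL; with a second public IP, both services stay on 443.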