Is there a way to forward Port 443 SSL to more than one device on a Symantec Gateway 320 Firewall?

What do you do with this firewall if you have to assign a port forwarding rule to more than one host/server? It doesn't seem possible. I get "service may not be enabled for more than one rule". There must be a workaround... anyone have any suggestions?

Specifically, I want to leave Outlook Web Access/Exchange running on port 443 but also would like to host a VPN concentrator using the same port. Am I just out of luck with this firewall?

Asked: philodendrin

Kaddict Commented:
From what I know, trying to forward a port to two computers is trying to send a tennis ball to two different players in two different directions... sounds quite impossible.

Sorry if I'm right.

-kaddict

Kaddict Commented:
If anyone else could confirm that it is completely impossible, I'd be happy.

Of course you could have two servers running on your LAN and listening on 443, but on the Internet side, both will not be able to be accessible through 443. You need to bind, for example, (443 from internet) to (443 on the Web server) and (444 from internet) to (443 on the router which needs the 443 port).

hope it helps,

kaddict

philodendrin (Author) Commented:
That is what I assumed as well.

I think, in theory, the way to do this would be to have a separate public IP address point to either OWA or the VPN concentrator. In other words, use more than one Static IP and firewall. But I'm very fuzzy on how to put this into practice... wouldn't I need a second NIC in the mail server going to a separate firewall or one dual WAN firewall? Or, the VPN concentrator on a separate public IP?... but, from there I don't know how I'd link the device to the local LAN.

A little more background... What we have now is a T-1 with multiple static IP addresses. We're only using one IP on our Symantec firewall for PPTP VPN (configured on a Windows 2003 file Server) and OWA (on a separate Exchange 2003 server). What the client wants is a device that will allow them to connect remotely without having to configure VPN - so, some sort of clientless VPN device like the Netgear SSL312 VPN Concentrator. My problem is that I'm unsure how to integrate it into the existing LAN without stepping on OWA and Windows Mobile... since it'll want to use port 443.

Kaddict Commented:
True. More than 1 public IP, and a lot of work could make this possible :)

Good luck!

-kaddict
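
The two workarounds raised in this thread (a different public port, or a second public IP), as an added example that is not part of any post above and not Symantec's own logic. It models an inbound forwarding table keyed by (public IP, public port); all addresses and host names are constructed.

```python
# Added illustration: inbound port-forwarding (destination NAT) table model.
# Addresses and host names are constructed; not the Symantec firmware's logic.
from typing import NamedTuple

class Target(NamedTuple):
    name: str
    ip: str
    port: int

class ForwardTable:
    """Inbound rules keyed by (public IP, public TCP port)."""

    def __init__(self):
        self.rules = {}

    def add(self, public_ip, public_port, target):
        key = (public_ip, public_port)
        if key in self.rules:
            # Two inbound flows to the same address and port look identical
            # to the NAT device, so a second rule for that key is refused.
            raise ValueError(f"{public_ip}:{public_port} already forwards to {self.rules[key].name}")
        self.rules[key] = target
        return self

    def route(self, public_ip, public_port):
        """Internal target for an inbound connection, or None if no rule."""
        return self.rules.get((public_ip, public_port))

OWA = Target("owa-exchange", "192.168.1.10", 443)   # constructed
SSLVPN = Target("ssl-vpn", "192.168.1.20", 443)     # constructed

def single_ip_conflict():
    """One public IP, both services on 443: the second rule is rejected."""
    table = ForwardTable().add("203.0.113.10", 443, OWA)
    try:
        table.add("203.0.113.10", 443, SSLVPN)
    except ValueError:
        return True
    return False

def alternate_port():
    """Public 444 maps to port 443 on the second device."""
    return ForwardTable().add("203.0.113.10", 443, OWA).add("203.0.113.10", 444, SSLVPN)

def second_public_ip():
    """A second static IP lets both services keep public port 443."""
    return ForwardTable().add("203.0.113.10", 443, OWA).add("203.0.113.11", 443, SSLVPN)
```

With the alternate-port layout, remote users must reach the second device on port 444, which outbound filtering on their networks may not allow; the second-IP layout keeps 443 for both services.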