Solved

Is there a way to forward Port 443 SSL to more than one device on a Symantec Gateway 320 Firewall?

Posted on 2008-10-28
4
619 Views
Last Modified: 2012-05-05
What do you do with this firewall if you have to assign a port forwarding rule to more than one host/server? It doesn't seem possible. I get "service may not be enabled for more than one rule". There must be a workaround... anyone have any suggestions?

Specifically, I want to leave Outlook Web Access/Exchange running on port 443 but also would like to host a VPN concentrator using the same port. Am I just out of luck with this firewall?

0
Comment
Question by:philodendrin
  • 3
4 Comments
 
LVL 4

Accepted Solution

by:
Kaddict earned 500 total points
ID: 22828527
From what I know, trying to forward a port to two computer is trying to send a tennis ball to two different players in two different directions... sounds quite impossible.

sorry if I'm right

-kaddict
0
 
LVL 4

Expert Comment

by:Kaddict
ID: 22828536
If anyone else could confirm that it is completely impossible, I'd be happy

Of course you could have two servers running on your LAN and listening on 443, but on the Internet side, both will not be able to be accessible thru 443. You need to bind for example (443 from internet) to (443 on the Web server) and (444 from internet) to (443 on the router which needs the 443 port)

hope it helps,

kaddict
0
 

Author Comment

by:philodendrin
ID: 22836996
That is what I assumed as well.

I think, in theory, the way to do this would be to have a separate public IP address point to either OWA or the VPN concentrator. In other words, use more than one Static IP and firewall. But I'm very fuzzy on how to put this into practice... wouldn't I need a second NIC in the mail server going to a separate firewall or one dual WAN firewall? Or, the VPN concentrator on a separate public IP?... but, from there I don't know how I'd link the device to the local LAN.

A little more background... What we have now is a T-1 with multiple static IP addresses. We're only using one IP  on our Symantec firewall for PPTP VPN (configured on a Windows 2003 file Server) and OWA (on a separate Exchange 2003 server) . What the client wants is a device that will allow them to connect remotely without having to configure VPN - so, some sort of clientless VPN device like the Netgear SSL312 VPN Concentrator. My problem is that I'm unsure how to integrate it into the existing LAN without stepping on OWA and Windows Mobile... since it'll want to use port 443.  


0
 
LVL 4

Expert Comment

by:Kaddict
ID: 22837720
True. more than 1 public IP, and a lot of work could make this possible :)

Good luck!

-kaddict
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question