Solved

How can I access a second server running Sharepoint behind a firewall

Posted on 2009-04-04
9
279 Views
Last Modified: 2012-05-06
I have a client who has a server running Small Business Server 2003. They also have a dedicated 2008 Server running Sharepoint 3.0.

All the HTTPS connections are mapped to the SBS server so my question is how can I setup a redirect? I would like to be able to goto sharepoint.company.co.uk and get forwarded to the 2008 Server but still be able to goto office.company.co.uk/exchange for the SBS features.
They have a netgear Pro DGFV338 router.
0
Comment
Question by:SeventhZen
  • 3
  • 3
  • 3
9 Comments
 
LVL 13

Expert Comment

by:itgroove
ID: 24068924
Hey there,
Hmm, no redirect here is going to be possible, at least from the one site to the other. However, if your router/firewall can do 1 to 1 NAT (and I'm making the assumption both sites are published with SSL certs, thus the need for unique IP's), setup each site with their own Alternate Access Mappings (AAMs), expose each at the firewall (published) and set the appropriate DNS.  I.e. both will be 'on the Net', not one redirecting and handling the requests, for the other.
0
 
LVL 1

Author Comment

by:SeventhZen
ID: 24070980
Ok then, can I use the remote workplace front end. In other words, get my clients to goto the remote part of SBS and modify the sharepoint link to point to the new sharepoint server?
0
 
LVL 6

Expert Comment

by:Ramone_Hamilton
ID: 24071401
Have you tried using the Alternate Access Mapping for this?  I'm not well versed with DNS but is it possible to point sharepoint.company.co.uk to the WSS 3.0 server and then change the AAM to reflect this.  Worse case scenario is that you could simply set up a page at sharepoint.company.co.ul to Respose.Redirect or Server.Transfer to the default page of the Shareoint server.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 13

Expert Comment

by:itgroove
ID: 24071953
Sure, RWW is a possibility. Get them 'inside' your network with that, then view SharePoint.  This won't help in cases where you might want folks to browse SharePoint via their phones, RSS feeds, etc. (SharePoint won't be directly on the net) however, I suppose it could then provide the requirement you desire.  Much like a VPN would.
0
 
LVL 1

Author Comment

by:SeventhZen
ID: 24072088
What I was trying to do was set this up so that the new sharepoint server has the default site running but this is listening on port 444. Much the same way you setup external access to the sharepoint if this is all running on the sbs box. I wanted to have a rule at the firewall that will transfer any traffic on port 444 to the new server.  Then I was going to set up a cname on the webite that pointed sharepoint.company.co.uk to 1.1.1.1:444. Can I append port numbers to a record - would this work?

Or better still can I use the existing SBS sharepoint to redirect over to the new one? I want to use SSL and have two certificates ready, just haven't started the CSR process yet and only have the one gateway to work with and one single IP....apologies but I know this is bouncing around.... what is the response redirect stuff? will this work with sharepoint 2.0 on SBS?

Would a second public IP be any good?
0
 
LVL 6

Expert Comment

by:Ramone_Hamilton
ID: 24072125
Response.Redirect is simply a method within the ASP.NET the platform sharepoint is build on that will redirect a page from one to another.  The other questions are unfortunately far beyond my knowledge base.
0
 
LVL 13

Assisted Solution

by:itgroove
itgroove earned 200 total points
ID: 24072155
Yes, that was what I was eluding to in my first reply re: 1 to 1 NAT and unique IP's.
  1. Create an Alternate Access Mapping for your SharePoint site - something like https://publicportal.companyX.com
  2. Get your SSL cert and apply it to the AAM/zone
  3. Bind a 2nd IP to your firewall (and to your SP server if your base site is also SSL enabled, as you can't share an IP with two SSL certs both using TCP443)
  4. Publish your new SharePoint URL on the outside via your 1 to 1 NAT (or whatever method your firewall supports)
0
 
LVL 1

Author Comment

by:SeventhZen
ID: 24135735
I don't have access to the additional certificates or the additional IP at the moment - a very long story.
I seem to be going round in circles with this. I have successfully setup external access to the sharepoint 2.0 services running on the Small Business Server and I naively thought I could just translate this over to the Server 2008. I wanted to simply offload the sharepoint requirements to the 2K8 box as the SBS is already busy.

Do I need to setup 3.0 on the SBS, and then forward this onto the 2k8 or can I just change the firewall rules to forward the port onto the 2k8 server? If so will this prompt or windows credentials?
0
 
LVL 6

Accepted Solution

by:
Ramone_Hamilton earned 300 total points
ID: 24136515
I haven't worked alot with MOSS on 2k8 to know if you will have issues forwarding any users there, but I would assume with Windows Authentication as your authentication type and given that they are on the same Domain that this wouldn't necessarily be a problem.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question