Solved

How can I access a second server running Sharepoint behind a firewall

Posted on 2009-04-04
9
278 Views
Last Modified: 2012-05-06
I have a client who has a server running Small Business Server 2003. They also have a dedicated 2008 Server running Sharepoint 3.0.

All the HTTPS connections are mapped to the SBS server so my question is how can I setup a redirect? I would like to be able to goto sharepoint.company.co.uk and get forwarded to the 2008 Server but still be able to goto office.company.co.uk/exchange for the SBS features.
They have a netgear Pro DGFV338 router.
0
Comment
Question by:SeventhZen
  • 3
  • 3
  • 3
9 Comments
 
LVL 13

Expert Comment

by:itgroove
Comment Utility
Hey there,
Hmm, no redirect here is going to be possible, at least from the one site to the other. However, if your router/firewall can do 1 to 1 NAT (and I'm making the assumption both sites are published with SSL certs, thus the need for unique IP's), setup each site with their own Alternate Access Mappings (AAMs), expose each at the firewall (published) and set the appropriate DNS.  I.e. both will be 'on the Net', not one redirecting and handling the requests, for the other.
0
 
LVL 1

Author Comment

by:SeventhZen
Comment Utility
Ok then, can I use the remote workplace front end. In other words, get my clients to goto the remote part of SBS and modify the sharepoint link to point to the new sharepoint server?
0
 
LVL 6

Expert Comment

by:Ramone_Hamilton
Comment Utility
Have you tried using the Alternate Access Mapping for this?  I'm not well versed with DNS but is it possible to point sharepoint.company.co.uk to the WSS 3.0 server and then change the AAM to reflect this.  Worse case scenario is that you could simply set up a page at sharepoint.company.co.ul to Respose.Redirect or Server.Transfer to the default page of the Shareoint server.
0
 
LVL 13

Expert Comment

by:itgroove
Comment Utility
Sure, RWW is a possibility. Get them 'inside' your network with that, then view SharePoint.  This won't help in cases where you might want folks to browse SharePoint via their phones, RSS feeds, etc. (SharePoint won't be directly on the net) however, I suppose it could then provide the requirement you desire.  Much like a VPN would.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 1

Author Comment

by:SeventhZen
Comment Utility
What I was trying to do was set this up so that the new sharepoint server has the default site running but this is listening on port 444. Much the same way you setup external access to the sharepoint if this is all running on the sbs box. I wanted to have a rule at the firewall that will transfer any traffic on port 444 to the new server.  Then I was going to set up a cname on the webite that pointed sharepoint.company.co.uk to 1.1.1.1:444. Can I append port numbers to a record - would this work?

Or better still can I use the existing SBS sharepoint to redirect over to the new one? I want to use SSL and have two certificates ready, just haven't started the CSR process yet and only have the one gateway to work with and one single IP....apologies but I know this is bouncing around.... what is the response redirect stuff? will this work with sharepoint 2.0 on SBS?

Would a second public IP be any good?
0
 
LVL 6

Expert Comment

by:Ramone_Hamilton
Comment Utility
Response.Redirect is simply a method within the ASP.NET the platform sharepoint is build on that will redirect a page from one to another.  The other questions are unfortunately far beyond my knowledge base.
0
 
LVL 13

Assisted Solution

by:itgroove
itgroove earned 200 total points
Comment Utility
Yes, that was what I was eluding to in my first reply re: 1 to 1 NAT and unique IP's.
  1. Create an Alternate Access Mapping for your SharePoint site - something like https://publicportal.companyX.com
  2. Get your SSL cert and apply it to the AAM/zone
  3. Bind a 2nd IP to your firewall (and to your SP server if your base site is also SSL enabled, as you can't share an IP with two SSL certs both using TCP443)
  4. Publish your new SharePoint URL on the outside via your 1 to 1 NAT (or whatever method your firewall supports)
0
 
LVL 1

Author Comment

by:SeventhZen
Comment Utility
I don't have access to the additional certificates or the additional IP at the moment - a very long story.
I seem to be going round in circles with this. I have successfully setup external access to the sharepoint 2.0 services running on the Small Business Server and I naively thought I could just translate this over to the Server 2008. I wanted to simply offload the sharepoint requirements to the 2K8 box as the SBS is already busy.

Do I need to setup 3.0 on the SBS, and then forward this onto the 2k8 or can I just change the firewall rules to forward the port onto the 2k8 server? If so will this prompt or windows credentials?
0
 
LVL 6

Accepted Solution

by:
Ramone_Hamilton earned 300 total points
Comment Utility
I haven't worked alot with MOSS on 2k8 to know if you will have issues forwarding any users there, but I would assume with Windows Authentication as your authentication type and given that they are on the same Domain that this wouldn't necessarily be a problem.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Server 2010 do not offer the option to configure the location of the SharePoint diagnostic trace log files during installation.  This can, however, be configured through Central Administr…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now