• Status: Solved

Does Lotus Domino have to use NAT through the firewall?

My Notes server (7.02) is configured with its own external IP address in the Notes Network Ports\Server Configuration document.  The IP address is using NAT through the firewall (Sonicwall 2040).  Can I remove the NAT?  Can I change the External IP in the Notes Network Ports document to the WAN Public IP?  Is there any benefit in doing so?
keicy01
Asked:
Sjef Bosman, Groupware Consultant, Commented:
Why your question? Is something not working? Is there a problem?

I can only tell what we always do in smaller environments: we give a server its own internal (10.x.x.x) IP-address, and in order to allow external users or servers to contact the server, port 1352 in the router is routed to this server.

A more secure setup would be a separate Domino server in a DMZ, and Domino passthru to the inside server.
keicy01 (Author) Commented:
I am concerned about security.  We will be changing all public IPs as we are changing providers, so I thought that this would be the time to plug any security holes.  Is it less secure to have Notes NAT'd with its own external IP or does it have to be this way?
Sjef Bosman, Groupware Consultant, Commented:
Everything you're asking is in the Admin Help database. I'd never hook up a Domino server using an external IP-address. At least a router, an internal IP-address and only one port open for Notes RPC. You can make communication via that port a lot safer, by encrypting the traffic. See "Encrypting NRPC communication on a server port" in the Help db. If you think that's not safe enough, add a VPN.

Here's some good info about DMZs:
- http://www.ibm.com/developerworks/lotus/library/smtp-dmz1/