Solved

Publishing IIS FTP using TMG 2010 with user AD-CA certificate authentication

Posted on 2011-03-15
Last Modified: 2012-05-11
Hi All,

Is it possible to publish the IIS server 6 and 7 through TMG 2010 Standard and then secure it using the user-issued certificate created by the AD-CA in my domain for the authentication?

I just want to give access to the Windows XP users through the "Add Network Place" wizard to the secure location in my company.

Thanks.
0
Question by:jjoz
11 Comments
 
LVL 16

Assisted Solution

by:AlexPace
AlexPace earned 125 total points
ID: 35145209
Is this re-inventing the wheel?  There are several existing standards for FTP over SSL depending on if you want to encrypt the control channel, the data channel, or both.  
0
 
LVL 1

Author Comment

by:jjoz
ID: 35145792
I don't know, that's why I ask here for solutions. Basically, what I need is a secure file upload and download channel between the remote office and my HQ via the Internet line; the user authentication, if possible, must be certificate based.
0
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35146408
Why don't you use something like SharePoint, and publish that using SSL?
0
 
LVL 1

Author Comment

by:jjoz
ID: 35146856
Yes, I have proposed that as a solution, but the management refuses to implement any large implementation like that just for publishing one directory for uploading and downloading files for remote office users.
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 35146984
I don't think you can have certificate based FTP authentication. How about the remote users connect via VPN and then connect to a file share? IMO that's more secure than using FTP...
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 35146992
And you can secure VPNs - L2TP using certificates.
0
 
LVL 1

Author Comment

by:jjoz
ID: 35147017
Ah, OK, but my current situation is like this:
Client: Windows XP
Connection: 2 MB ADSL link
Server: Windows Server 2003 DC with another server as Win2k3 TS
Juniper Firewall and VPN devices.
0
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35147092
If the branch office is yours, i.e. your company's, why not set up an IPsec VPN tunnel between the two offices? But the branch office would have to have a router that can set up an IPsec tunnel.

You would probably need it anyway?

Or you can give each user VPN access?
0
 
LVL 1

Author Comment

by:jjoz
ID: 35147143
Yes, of course it is.
We do have a Cisco VPN client connection in place, but of course we have to issue a token (RSA SecurID) to the users, and it is something that is rather limited in my main office.
0
 
LVL 10

Accepted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35149100
I guess that is a no-no for Client VPN, but what about a LAN-LAN VPN between the main office and the branch office, provided of course that all users will access the files from the branch office and not the Internet, but then that will mean that those users require a VPN and a token :).

You also have the option of using BranchCache, but as you said you don't want any new deployments.

If you ask me, I would try to set up a LAN-to-LAN VPN. If any user would require access to the files then you would give a token for VPN access.

I would not try using FTP...
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35152461
Certificate-based authentication for OWA, but it is the same concept:

http://blogs.technet.com/b/exchange/archive/2008/10/07/3406361.aspx?wa=wsignin1.0
0


Question has a verified solution.
