• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 792
  • Last Modified:

Publishing IIS FTP using TMG 2010 with user AD-CA certificate authentication

Hi All,

Is it possible to publish the IIS server 6 and 7 through TMG 2010 Standard and then securing it using the User issued certificate created by the AD-CA in my domain for the authentication ?

I just want to give access to the Windows XP users through "Add Network Place" wizard to the secure location in my company.

Thanks.
0
jjoz
Asked:
jjoz
4 Solutions
 
AlexPaceCommented:
Is this re-inventing the wheel?  There are several existing standards for FTP over SSL depending on if you want to encrypt the control channel, the data channel, or both.  
0
 
jjozAuthor Commented:
I don't know that's why I ask here for solutions, so basically what I need is the secure file upload and download channel between the remote office and my HQ via the Internet line, the user authentication if possible must be certificate based.
0
 
simonlimonCommented:
Why don't you use something like Sharepoint, and publish that using SSL?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
jjozAuthor Commented:
yes I have proposed that as solution but the management refuse to implement any large implementation like that just for publishing one directory for upload and download files for remote office users.
0
 
simonlimonCommented:
I don't think you can have certificate based FTP authentication. How about the remote users connect via VPN and then connect to a file share? IMO that's more secure than using FTP...
0
 
simonlimonCommented:
And you can secure VPNs - L2TP using certificates..
0
 
jjozAuthor Commented:
ah, ok but my current situation is like this:
Client: Windows XP
Connection: 2 MB ADSL link
Server: Windows Server 2003 DC with another server as Win2k3 TS
Juniper Firewall and VPN devices.
0
 
simonlimonCommented:
If the Branch office is yours, i.e. your companies, why not set up an IPSEC VPN tunnel between the two offices? But the branch office would have to have a router that can set up an IPSEC tunnel.

You would probably need it anyway?

Or you can give each user VPN access?
0
 
jjozAuthor Commented:
yes of course it is.
we do have CISCO VPN client connection in place, but of course we have to issue token (RSA SecurID) to the users and it is something that is rather limited in my main office.
0
 
simonlimonCommented:
I guess that is a no-no for Client VPN, but what about a LAN-LAN VPN between the main office and the branch office, provided of course that all users will access the Files from the Branch office and not the Internet, but then that will mean that those users require a VPN and a token :).

You also have the option of using Branch Cache, but as you said you don't want any new deployments.

If you ask me, I would try to setup a LAN to LAN VPN. If any user would require access to the files then you would give a token for VPN access.

I would not try using FTP...
0
 
Suliman Abu KharroubIT Consultant Commented:
Certificate based authentication for OWA , but it is the same concept:

http://blogs.technet.com/b/exchange/archive/2008/10/07/3406361.aspx?wa=wsignin1.0
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now