Solved

Publishing IIS FTP using TMG 2010 with user AD-CA certificate authentication

Posted on 2011-03-15
Last Modified: 2012-05-11
Hi All,

Is it possible to publish the IIS server 6 and 7 through TMG 2010 Standard and then secure it using the user-issued certificate created by the AD-CA in my domain for the authentication?

I just want to give access to the Windows XP users through the "Add Network Place" wizard to the secure location in my company.

Thanks.
0
Question by:jjoz
11 Comments
 
LVL 16

Assisted Solution

by:AlexPace
AlexPace earned 125 total points
ID: 35145209
Is this re-inventing the wheel?  There are several existing standards for FTP over SSL depending on if you want to encrypt the control channel, the data channel, or both.  
0
 
LVL 1

Author Comment

by:jjoz
ID: 35145792
I don't know, that's why I am asking here for solutions. Basically, what I need is a secure file upload and download channel between the remote office and my HQ via the Internet line; the user authentication, if possible, must be certificate based.
0
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35146408
Why don't you use something like SharePoint, and publish that using SSL?
0
 
LVL 1

Author Comment

by:jjoz
ID: 35146856
Yes, I have proposed that as a solution, but the management refuses to implement any large implementation like that just for publishing one directory for uploading and downloading files for remote office users.
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 35146984
I don't think you can have certificate based FTP authentication. How about the remote users connect via VPN and then connect to a file share? IMO that's more secure than using FTP...
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 35146992
And you can secure VPNs - L2TP using certificates.
0
 
LVL 1

Author Comment

by:jjoz
ID: 35147017
Ah, OK, but my current situation is like this:
Client: Windows XP
Connection: 2 MB ADSL link
Server: Windows Server 2003 DC with another server as Win2k3 TS
Juniper Firewall and VPN devices.
0
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35147092
If the branch office is yours, i.e. your company's, why not set up an IPsec VPN tunnel between the two offices? But the branch office would have to have a router that can set up an IPsec tunnel.

You would probably need it anyway?

Or you can give each user VPN access?
0
 
LVL 1

Author Comment

by:jjoz
ID: 35147143
Yes, of course it is.
We do have a Cisco VPN client connection in place, but of course we have to issue a token (RSA SecurID) to the users, and it is something that is rather limited in my main office.
0
 
LVL 10

Accepted Solution

by:
simonlimon earned 375 total points
ID: 35149100
I guess that is a no-no for Client VPN, but what about a LAN-LAN VPN between the main office and the branch office, provided of course that all users will access the Files from the Branch office and not the Internet, but then that will mean that those users require a VPN and a token :).

You also have the option of using BranchCache, but as you said you don't want any new deployments.

If you ask me, I would try to set up a LAN to LAN VPN. If any user would require access to the files then you would give a token for VPN access.

I would not try using FTP...
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35152461
Certificate-based authentication for OWA, but it is the same concept:

http://blogs.technet.com/b/exchange/archive/2008/10/07/3406361.aspx?wa=wsignin1.0
0

Question has a verified solution.
