Solved

Publishing IIS FTP using TMG 2010 with user AD-CA certificate authentication

Posted on 2011-03-15
11
786 Views
Last Modified: 2012-05-11
Hi All,

Is it possible to publish the IIS server 6 and 7 through TMG 2010 Standard and then securing it using the User issued certificate created by the AD-CA in my domain for the authentication ?

I just want to give access to the Windows XP users through "Add Network Place" wizard to the secure location in my company.

Thanks.
0
Comment
Question by:jjoz
11 Comments
 
LVL 16

Assisted Solution

by:AlexPace
AlexPace earned 125 total points
ID: 35145209
Is this re-inventing the wheel?  There are several existing standards for FTP over SSL depending on if you want to encrypt the control channel, the data channel, or both.  
0
 
LVL 1

Author Comment

by:jjoz
ID: 35145792
I don't know that's why I ask here for solutions, so basically what I need is the secure file upload and download channel between the remote office and my HQ via the Internet line, the user authentication if possible must be certificate based.
0
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35146408
Why don't you use something like Sharepoint, and publish that using SSL?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Author Comment

by:jjoz
ID: 35146856
yes I have proposed that as solution but the management refuse to implement any large implementation like that just for publishing one directory for upload and download files for remote office users.
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 35146984
I don't think you can have certificate based FTP authentication. How about the remote users connect via VPN and then connect to a file share? IMO that's more secure than using FTP...
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 35146992
And you can secure VPNs - L2TP using certificates..
0
 
LVL 1

Author Comment

by:jjoz
ID: 35147017
ah, ok but my current situation is like this:
Client: Windows XP
Connection: 2 MB ADSL link
Server: Windows Server 2003 DC with another server as Win2k3 TS
Juniper Firewall and VPN devices.
0
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35147092
If the Branch office is yours, i.e. your companies, why not set up an IPSEC VPN tunnel between the two offices? But the branch office would have to have a router that can set up an IPSEC tunnel.

You would probably need it anyway?

Or you can give each user VPN access?
0
 
LVL 1

Author Comment

by:jjoz
ID: 35147143
yes of course it is.
we do have CISCO VPN client connection in place, but of course we have to issue token (RSA SecurID) to the users and it is something that is rather limited in my main office.
0
 
LVL 10

Accepted Solution

by:
simonlimon earned 375 total points
ID: 35149100
I guess that is a no-no for Client VPN, but what about a LAN-LAN VPN between the main office and the branch office, provided of course that all users will access the Files from the Branch office and not the Internet, but then that will mean that those users require a VPN and a token :).

You also have the option of using Branch Cache, but as you said you don't want any new deployments.

If you ask me, I would try to setup a LAN to LAN VPN. If any user would require access to the files then you would give a token for VPN access.

I would not try using FTP...
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35152461
Certificate based authentication for OWA , but it is the same concept:

http://blogs.technet.com/b/exchange/archive/2008/10/07/3406361.aspx?wa=wsignin1.0
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question