Solved

Publishing IIS FTP using TMG 2010 with user AD-CA certificate authentication

Posted on 2011-03-15
Last Modified: 2012-05-11
Hi All,

Is it possible to publish IIS server 6 and 7 through TMG 2010 Standard and then secure it using the user-issued certificate created by the AD-CA in my domain for authentication?

I just want to give access to the Windows XP users through "Add Network Place" wizard to the secure location in my company.

Thanks.
Question by:jjoz
11 Comments
 
LVL 16

Assisted Solution

by:AlexPace
AlexPace earned 125 total points
ID: 35145209
Is this re-inventing the wheel?  There are several existing standards for FTP over SSL depending on if you want to encrypt the control channel, the data channel, or both.  
 
LVL 1

Author Comment

by:jjoz
ID: 35145792
I don't know; that's why I am asking here for solutions. Basically, what I need is a secure file upload and download channel between the remote office and my HQ via the Internet line. The user authentication, if possible, must be certificate based.
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35146408
Why don't you use something like SharePoint, and publish that using SSL?
 
LVL 1

Author Comment

by:jjoz
ID: 35146856
Yes, I have proposed that as a solution, but the management refuses to implement any large implementation like that just for publishing one directory for uploading and downloading files for remote office users.
 
LVL 10

Expert Comment

by:simonlimon
ID: 35146984
I don't think you can have certificate based FTP authentication. How about the remote users connect via VPN and then connect to a file share? IMO that's more secure than using FTP...
 
LVL 10

Expert Comment

by:simonlimon
ID: 35146992
And you can secure VPNs - L2TP using certificates.
 
LVL 1

Author Comment

by:jjoz
ID: 35147017
Ah, OK, but my current situation is like this:
Client: Windows XP
Connection: 2 MB ADSL link
Server: Windows Server 2003 DC with another server as Win2k3 TS
Juniper Firewall and VPN devices.
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35147092
If the Branch office is yours, i.e. your company's, why not set up an IPSEC VPN tunnel between the two offices? But the branch office would have to have a router that can set up an IPSEC tunnel.

You would probably need it anyway?

Or you can give each user VPN access?
 
LVL 1

Author Comment

by:jjoz
ID: 35147143
Yes, of course it is.
We do have a Cisco VPN client connection in place, but of course we have to issue a token (RSA SecurID) to the users, and it is something that is rather limited in my main office.
 
LVL 10

Accepted Solution

by:simonlimon
simonlimon earned 375 total points
ID: 35149100
I guess that is a no-no for Client VPN, but what about a LAN-LAN VPN between the main office and the branch office, provided of course that all users will access the Files from the Branch office and not the Internet, but then that will mean that those users require a VPN and a token :).

You also have the option of using Branch Cache, but as you said you don't want any new deployments.

If you ask me, I would try to set up a LAN to LAN VPN. If any user would require access to the files then you would give a token for VPN access.

I would not try using FTP...
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35152461
Certificate-based authentication for OWA, but it is the same concept:

http://blogs.technet.com/b/exchange/archive/2008/10/07/3406361.aspx?wa=wsignin1.0