Solved

SBS 2011 Securing Port 443 on firewall so only one External IP can access

Posted on 2015-02-11
9
297 Views
Last Modified: 2015-02-12
Hi Guys

On scanning my public IP address I noticed that port 443 was open using port forwarding.  This is obviously for owa and remote workplace etc but I was wondering if there was a way I could secure it more.

Is there away that I could say by a domain name say remote.com and then have a forwarder setup with my hosting company to my public IP address.  I then could make a rule to only accept ip traffic from 1 ip address ie my hosting company and block all other access from all other traffic?  I have setup my firewall to report of any DOS attacks etc and I am getting loads of them and want to make my business more secure.

Regards

Simon
0
Comment
Question by:cybersi
  • 4
  • 4
9 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 40603662
Have you considered using a VPN for your remote clients and then removing the port 443 NAT rule to stop external access?
0
 

Author Comment

by:cybersi
ID: 40603784
Yes we use VPN already but some of our external uses love the remote work place
0
 
LVL 10

Expert Comment

by:tmoore1962
ID: 40603988
If your VPN client connects to the router then you can still use remote work place, just connect vpn and then use the internal address used to connect to the remote workplace.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:cybersi
ID: 40604153
Is there not away to do it as mentioned above?
0
 

Author Comment

by:cybersi
ID: 40604155
Is there not away to do it as mentioned above?
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40604198
Another option would be to change the HTTPS port on the router to another port number.
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40604211
Looking at using a https proxy server may also be an option but I think it would be difficult to maintain in my opinion.
0
 

Author Comment

by:cybersi
ID: 40604549
Sorry I have never heard of that. How does it work?
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
ID: 40605323
Do some googling on it.  Basically HTTPS requests are send via another server.  Providing that your clients are using the proxy server then you MAY be able to setup the NAT rule to specify the proxy IP Address.

I've never attempted it myself though.  Not entirely sure if it will work like that...

Your better option is to get the remote users using a VPN or change the HTTPS Port on the router.  

In most instances though I tend to leave everything as standard.  Providing your users have decent passwords and the server is up-to-date then it is fairly secure.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA 5506W VPN Clients not seeing local network 12 67
port redirection on cisco asa 5520 5 28
Opening Ports for Specific LAN IP Address on Juniper SRX240 3 46
DNS zone 3 49
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question