SBS 2011 Securing Port 443 on firewall so only one External IP can access

Hi Guys

On scanning my public IP address I noticed that port 443 was open using port forwarding. This is obviously for OWA and Remote Web Workplace etc., but I was wondering if there was a way I could secure it more.

Is there a way that I could, say, buy a domain name, say remote.com, and then have a forwarder set up with my hosting company to my public IP address? I could then make a rule to only accept IP traffic from one IP address, i.e. my hosting company, and block all access from all other traffic. I have set up my firewall to report any DoS attacks etc. and I am getting loads of them and want to make my business more secure.

Regards

Simon
Asked by: cybersi

David Atkin, Technical Director, Commented:
Have you considered using a VPN for your remote clients and then removing the port 443 NAT rule to stop external access?
0
cybersi (Author) Commented:
Yes, we use VPN already, but some of our external users love the Remote Web Workplace.
0
tmoore1962 Commented:
If your VPN client connects to the router then you can still use remote work place, just connect vpn and then use the internal address used to connect to the remote workplace.
0
cybersi (Author) Commented:
Is there not a way to do it as mentioned above?
0
David Atkin, Technical Director, Commented:
Another option would be to change the HTTPS port on the router to another port number.
0
David Atkin, Technical Director, Commented:
Looking at using a https proxy server may also be an option but I think it would be difficult to maintain in my opinion.
0
cybersi (Author) Commented:
Sorry I have never heard of that. How does it work?
0
David Atkin, Technical Director, Commented:
Do some googling on it. Basically HTTPS requests are sent via another server. Providing that your clients are using the proxy server then you MAY be able to set up the NAT rule to specify the proxy IP address.

I've never attempted it myself though.  Not entirely sure if it will work like that...

Your better option is to get the remote users using a VPN or change the HTTPS Port on the router.  

In most instances though I tend to leave everything as standard.  Providing your users have decent passwords and the server is up-to-date then it is fairly secure.
0
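
Added example, not part of the thread or of any participant's setup: before narrowing the port-443 forward to a single source as discussed above, a firewall log can be replayed against the intended allowlist to see which sources the rule would drop. The log format, the proxy address 203.0.113.10 and the internal address 192.168.16.2 are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the single source allowed through the port-443 forward
# (the hosting-company proxy). 203.0.113.10 is a documentation address.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.10/32")]

# Constructed sample lines in a hypothetical "key=value" firewall log format.
SAMPLE_LOG = """\
2018-05-01T09:00:01 action=forward proto=tcp src=203.0.113.10 dst=192.168.16.2 dport=443
2018-05-01T09:00:07 action=forward proto=tcp src=198.51.100.23 dst=192.168.16.2 dport=443
2018-05-01T09:00:09 action=forward proto=tcp src=198.51.100.23 dst=192.168.16.2 dport=443
2018-05-01T09:01:15 action=forward proto=tcp src=192.0.2.77 dst=192.168.16.2 dport=25
2018-05-01T09:02:30 action=forward proto=tcp src=not-an-ip dst=192.168.16.2 dport=443
"""

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def is_allowed(src, allowed=ALLOWED_SOURCES):
    """True if src is a valid IP inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as not allowed
    return any(addr in net for net in allowed)

def audit(log_text, port=443):
    """Count hits on `port` per source that the restricted rule would drop."""
    would_block = Counter()
    passed = 0
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("proto") != "tcp" or f.get("dport") != str(port):
            continue  # only the forwarded HTTPS port is in scope
        if is_allowed(f.get("src", "")):
            passed += 1
        else:
            would_block[f.get("src", "?")] += 1
    return passed, would_block

if __name__ == "__main__":
    passed, blocked = audit(SAMPLE_LOG)
    print(f"allowed through: {passed}")
    for src, n in blocked.most_common():
        print(f"would be dropped: {src} ({n} hits)")
```

Any legitimate remote user who shows up in the "would be dropped" list is connecting directly rather than through the proxy and would lose access once the rule is tightened.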