LDAP Between LANs (Kerio User Forums, Kerio Control)
  •  
gskibum

I am setting up a set of web servers inside a single network, each with a unique public IP.

Each of these servers will need to contact their respective LDAP servers in remote networks. All of these networks are using Kerio Control firewalls.

I am trying to set up rules that will restrict LDAP & LDAPS communication between the web servers and their home office LDAP servers.

I can easily get a rule that opens up LDAP & LDAPS to the WAN to work, but that isn't secure enough.

Any suggestions?

Thank you!
  •  
mlee (Kerio)

I assume you have tried using your webservers' IPs and LDAP servers' IPs as source and destination in separate traffic rules and they do not work?

M.

PTSD. BP. OCD. ASPD. BPD. Certified.
  •  
gskibum

I think so, if you mean separate rules on the different firewalls. That I have tried. If you mean both rules on the same firewall then I have not barked up that tree yet. And I don't know where the tree is!

Edit:

What I can get to work in a rather wide-open fashion:

Source: Any.
Destination: Public IP of LDAP host.
Service: LDAP & LDAPS.
Translation: MAP - IP of LDAP server or MAP - FQDN of LDAP server.

Beyond that I break it.

[Updated on: Tue, 05 August 2014 06:41]

  •  
mlee (Kerio)

And if the source is the public IP address of the web server, what would be the result?

M.

PTSD. BP. OCD. ASPD. BPD. Certified.