Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » KFW on a Domain Server vs Workgroup.
  •  
macswork

Messages: 2
Karma: 0
Send a private message to this user
I have had KWF in operation for some time, running on a W2K3 server. I have a w2K3 AD domain behind the firewall. The server is a not a domain member server.
Workgroup = myDomainName.com rather than Domain = myDomainName.com

I am interested in the pro's and con's of the server being a Domain Member Server. The main advantage I know of in going as a Domain Member Server is that I can use the AD for authentication.

However, I am nervous of putting the domain that close to the internet. There is no longer a physical seperation of domain computers from the internet. Any opinions?

Pat.
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
The firewall is hardware and it seperates your domain from the internet. On the hardware is software that acts like there is no gap (for the packets that are allowed to pass). So you have hardware to fysically seperate and add software to undo the effect. If the firewall is a domain member or not is not so important. Important is how good the firewall is configured (how well protected is the internet interface). A bad configured firewall is much much worse. If you login on the firewall you do not have to do that with a domain user. You can use a local user for that. Futhermore you can configure the traffic rules to protect the lan interface also (access from firewall to lan). Only allow traffic from firewall to lan that is needed, also only allow traffic from lan to firewaal that is needed.
Previous Topic: Clientless SSL VPN
Next Topic: Paltalk voice no work with PPPoE connection in Winroute firewall ?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 11:33:09 CET 2017

Total time taken to generate the page: 0.00484 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.