Go Back   TechArena Community > Technology > Networking & Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Council for Clarkconnect implementation

Networking & Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 18-11-2009
Member
 
Join Date: May 2009
Posts: 640
Council for Clarkconnect implementation
  

I will set up Clarkconnect community 5 (firewall and SMTP relay on the same machine) for about 150 users with a hardware configuration appropriate recommendations in accordance with Clarkconnect.

I thought to do as follows:
Internet - Firewall and SMTP relay Clarkconnect - Appliance Security Trend Micro AS, AV, Content Filtering - Network LAN

The security appliance is still valid and is installed in "pass through" between CConnection LAN side and the rest of the network (no DMZ in this configuration). The advantage of this appliance is that it will save me from overloading Clarkconnect with SpamAssassin, the AV ...

I want to use the SMTP relay on Clarkconnect because I do not want to translate port 25 on my Domino server that is on the LAN.

My question is:
What do you think of my config? Is DMZ more suitable?

Reply With Quote
  #2  
Old 18-11-2009
Member
 
Join Date: May 2008
Posts: 945
Re: Council for Clarkconnect implementation

To remain neutral, we say that it is a strange configuration. But not very safe for 150 users. Many of us have said here that architecture should be healthy for a configuration with an SMTP relay. I do not really want to repeat for the nth time that post. I will be brief.

The firewall: to be strictly a firewall. Running an smtp relay (grouping or proxy) is a very bad idea. Especially with 150 users.

The relay should be dmz. Clarckconnect works well, its a good choice for this work.
Quote:
I do not want to translate port 25 on my Domino server that is on the LAN.
I do not see the problem and in fact I do not understand what you mean.

In short: use a real firewall, use a DMZ, to place the smtp relay Clarckconnect leave the Domino server lan if you want.
Reply With Quote
  #3  
Old 18-11-2009
Member
 
Join Date: May 2009
Posts: 640
Re: Council for Clarkconnect implementation

Quote:
The firewall: to be strictly a firewall. Running an smtp relay (grouping or proxy) is a very bad idea. Especially with 150 users.

The relay should be dmz. Clarckconnect works well, its a good choice for this work.
A little history, I forgot to mention that I think make this same machine a proxy server. In fact I am looking for solutions reassuring that's why I asked for advice before anything else.

So knowing that I also have a proxy is that it should move towards an architecture of type:

1 firewall machine
and in the DMZ
1 relay SMTP
1 proxy server (right?)

Which means that I should put up 3 machines?

Quote:
I do not see the problem and in fact I do not understand what you mean.
To form a question: Is this a good idea to transfer port 25 to the Domino server on the lan or is it better for me to go through an SMTP relay?
Reply With Quote
  #4  
Old 18-11-2009
Member
 
Join Date: May 2008
Posts: 945
Re: Council for Clarkconnect implementation

Like many, you start thinking in terms of hardware, software, solutions ie, before even having identified all parameters of the problem, ie your needs for security and services to users. For a structure of 150 people it does not seem possible, and even less sure of how the economy of this work.

The assembly must be designed globally, according to a required level of safety and risk that we will be evaluated and prioritized.

From there my answer to your question is rather superficial and not worth more than your upstream work. This one is limited, my answer is of poor quality.

Quote:
So knowing that I also have a proxy is that it should move towards an architecture of type:

1 firewall machine
and in the DMZ
1 relay SMTP
1 proxy server (right?)

Which means that I should put up 3 machines?
If one dmz should (?) while proxy and SMTP relay in the DMZ. Proxy and SMTP relay can be mounted each in a virtual machine on an ESX 3.5 or 4. Partitioning by vlan desirable in the dmz.

There is nothing to say that it suits your needs, simply because we do not know.
Reply With Quote
Reply

  TechArena Community > Technology > Networking & Security
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Council for Clarkconnect implementation"
Thread Thread Starter Forum Replies Last Post
Council for RAM on Asus P5K Baazigar Motherboard Processor & RAM 4 04-11-2009 03:54 PM
Council about processors suitable for AM3 platform Abdullah30 Motherboard Processor & RAM 5 02-11-2009 11:03 PM
ClarkConnect 5.0 - Beta 3 Released Lillebror Operating Systems 2 09-05-2009 11:57 AM
ClarkConnect 5.0 Beta 2 released SmirnOFF Operating Systems 3 03-04-2009 11:58 PM
What is Student's Council? MandarM Education Career and Job Discussions 2 21-02-2009 04:46 PM


All times are GMT +5.5. The time now is 09:50 AM.