SMS 2003 and firewall
- From: "wolfi" <wolfgang.schmidt@xxxxxxxxxxxxx>
- Date: 12 Jan 2006 03:31:33 -0800
We use SMS 2003 SP1, Advanced Security with SMS schema extensions. We
wan't to use sms package distribution to advanced clients over a VPN.
The Windows XP Clients connect to our company to a DMZ. The firewall
team wants to know which ports they have to open from DMZ to our inside
corporate network. In the other direction everything is allowed.
We have an central site an a few primary sites under this site. Our
Site located in Munich is the site where the central site (RMN,
contains only packages and no clients) and one of the primary sites
(MUC) is located. Every dialin in the whole company using VPN is only
possible in Munich.
I plan to install a distribution point in the DMZ and protect it to VPN
ap addresses.a BITS will be enabled for installing the packages. This
distribution point will be assigned to the Site MUC. I will protect
this distrbution point the the vpn ip adresses. I will assign the VPN
ip adresses to the roaming boundaries of site MUC.
My question:
There will be problems to find the managament points because of the
firewall during software installation . The firewall team will not
enable any LDAP traffic from DMZ to LAN (WINS Server in DMZ as
substitute?). I can move the management point role from the SMS
Siteserver of site MUC to a server in the DMZ, because all traffic from
LAN To DMZ is allowed. The VPN clients can connect to this management
point, too.
But what can I do to support the clients of NBG. I cannot move the
Managemement Point of NBG to the DMZ in München. ))). Is there any
need for a client of NBG to find its assigned management point in NBG
to start a program?
Any idea is welcome...
.
- Prev by Date: Re: return code of .vbs
- Next by Date: Re: SMS error and ISA
- Previous by thread: SMS error and ISA
- Next by thread: sms - office xp fails to install on windows xp and 2003
- Index(es):
Relevant Pages
|
Loading
