Hi, read this FAQ from RAPTOR, it could be useful for you....

http://www.raptor.com/cs/FAQ/entv5gsp_lotusnotes.html

This FAQ discusses how to configure either inbound or outbound Lotus-Notes access through the EagleNT 5.0 firewall by creating a GSP and a rule.

Configuration steps for Lotus-Notes access:

Before discussing the actual configuration procedure, you should understand that transparent outbound network operation of the EagleNT firewall requires three network criteria:

(1) All inside hosts must set their default route/gateway to the inside IP address of the EagleNT firewall, or to a router whose default route/gateway gets to the inside IP address of the EagleNT firewall. (Reference from: EagleNT 5.0 preinstall checks)

(2) All inside hosts and the firewall must have access to DNS name resolution. (Reference from: EagleNT 5.0 postinstall checks)

(3) The default route/gateway on the firewall must point to the IP address of the router that is connected to the Internet. (Reference from: EagleNT 5.0 preinstall checks)

Configuring Lotus-Notes access requires three general steps, all of which can be accomplished in the Hawk configuration GUI. The following is a brief overview of these steps:

(1) A protocol definition for Lotus-Notes must be created. The protocol definition tells the GSP what ports and transport protocol (UDP or TCP) need to be managed.

(2) A GSP must be created to proxy the Lotus-Notes traffic.

(3) An authorization rule must be created to govern the GSP's operation.

The following detailed procedure describes how these steps are accomplished:

(1) Invoke the HAWK configuration GUI (start> programs> Raptor Eagle> Hawk 5.0).

  - The Eagle Administration window should appear.
  - Enter the gateway password if running RemoteHawk, or managing another EagleNT firewall from the local firewall.
  - Press the connect button. The Hawk toolbar should appear.

(2) Perform the following steps to create a protocol definition for IRC.
  - Press the protocols button on the Hawk toolbar. The protocols window should appear.
  - Enter the name TCP1352_NOTES in the name field.
  - Enter an appropriate description in the description field.
  - Use the pulldown arrow in the protocol field to highlight and select TCP.
  - Enter 1352 in the destination port field.
  - Enter 1024-65535 in the source port range field.
  - Press the create button to store the protocol definition.
  - Press the close button to dismiss the protocols window.

(3) Perform the following steps to create the GSP for Lotus-Notes.

  - Press the GSP services button on the HAWK toolbar. The GSP Services window should appear.
  - Enter gsp.notes in the name field.
  - Enter an appropriate description in the description field.
  - Use the pulldown arrow on the App Protocol field to select TCP1352_NOTES.
  - For inbound access: Enter the IP address of the Lotus-Notes server behind the firewall in the To Server field.
  - For outbound access: Leave the To Server field empty.
  - For both: Enter the IP address of the Lotus-Notes server behind the firewall in the To Server field.
  - Leave the on port field empty.
  - Press the create button to store the GSP in HAWK's configuration files.
  - Press the close button to dismiss the GSP Services window.

(4) A rule must be created to allow authorized clients to pass traffic via the Lotus-Notes GSP. If you want bidirectional Lotus-Notes access two rules will be required - one for inbound access, and another one for outbound access.

For the sake of general illustration the following procedure will guide you through creating an interface-based rule that allows either all users on the protected (inside) network to access Lotus-Notes servers outside the firewall, or users outside the firewall to access a specific Lotus-Notes server behind the firewall (the specific server is denoted by the IP address in the GSP's To Server field). You can also perform this procedure twice, i.e. once to create an inbound rule, and the second time to create an outbound rule.
Use the following procedure to create an authorization rule for Lotus-Notes access:

  - Press the rules button on the Hawk toolbar. The rules window should appear.
  - Ensure that ALL is displayed in the For field.
  - Ensure that the permit certain access radio button is lit.
  - Use the Connections FROM scrollbar to locate and select the name of the appropriate NIC on the firewall. For outbound access select the name of the firewall's inside NIC. For inbound access select the name of the firewall's outside NIC. Refer to the Interface Properties window if you do not know which NIC is connected to the inside or outside network (Gateway> Configure> Interface Properties).
    Hint: You are selecting the interface connected to the network where the traffic originates from, which is obviously where the connections from scrollbar derives its name.
  - Use the TO scrollbar to locate and select the Universe* entity.
  - Use the Services and Protocols NOT included scrollbar to locate and highlight the gsp.notes, and then press the right arrow to move it to the INCLUDED window.
  - Ensure that the Permit Users, Permit Groups, Deny Users, and Deny Groups sections are empty.
  - Ensure that NONE appears in the authenticate using field. Using any authentication type will cause the GSP to fail.
  - Press the create button and then select save from the file pulldown menu (up top) to post the rule to the gateway.
  - Press the yes button in response to the query: Do you want to update the gateway with the new rule information?
  - Press the OK button on the dialogue box: The gateway has been reconfigured.
  - Press the close button to dismiss the rules window.

Configuring Lotus-Notes access is now complete.

Best regards

Manuel Gil
GE Capital IT Solutions, S.L.
System Engineering
Edif. Torre Serrano
C./ Serrano 47, Madrid 28001, Spain
Phone: +34 91 4368838/00, Fax: +34 91 5769883, Mobile: 909 457616
Internet: Manuel.Gil@GECITS-EU.COM
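
Added example (not part of the original message or the Raptor FAQ): a post-configuration check, run from a client on the originating side, that exercises the DNS prerequisite and the TCP1352_NOTES definition (TCP, destination port 1352, source port 1024-65535). The function name and the host name notes.example.com are assumptions made for illustration.

```python
import socket
import sys

NOTES_PORT = 1352               # destination port in the TCP1352_NOTES definition
SRC_PORT_RANGE = (1024, 65535)  # source port range in the same definition


def check_notes_path(server, port=NOTES_PORT, timeout=5.0):
    """Resolve `server`, open a TCP connection and report what happened.

    Returns a dict so the caller can tell a DNS failure from a refused or
    filtered connection, and can see which source port the client used.
    """
    result = {"resolved": None, "connected": False, "src_port": None,
              "src_port_ok": False, "error": None}
    try:
        # Network criterion (2): hosts need working DNS name resolution.
        infos = socket.getaddrinfo(server, port, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror as exc:
        result["error"] = f"DNS resolution failed: {exc}"
        return result

    addr = infos[0][4]          # (ip, port) of the first IPv4 answer
    result["resolved"] = addr[0]
    try:
        with socket.create_connection(addr, timeout=timeout) as conn:
            result["connected"] = True
            src_port = conn.getsockname()[1]
            result["src_port"] = src_port
            # A source port outside this range would not match the
            # protocol definition the GSP was built on.
            low, high = SRC_PORT_RANGE
            result["src_port_ok"] = low <= src_port <= high
    except OSError as exc:      # refused, timed out, unreachable
        result["error"] = f"TCP connect failed: {exc}"
    return result


if __name__ == "__main__":
    # notes.example.com is a placeholder host name, not taken from the FAQ.
    target = sys.argv[1] if len(sys.argv) > 1 else "notes.example.com"
    for key, value in check_notes_path(target).items():
        print(f"{key:12} {value}")
```

A completed connection only shows that something accepted TCP 1352 on that path; it does not exercise the Notes protocol itself, so follow it with a real Notes client session.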
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:52 PDT