Is it not insecure passing it straight to the server?
This is the workaround posted by another forum member:
1. Bound additional IP address to existing LAN connection on Windows server hosting Sharepoint services.
2. Sharepoint Central Administration -> Application Management -> Create or Extend Web Application -> Extend an existing Web application:
   - Web Application: Sharepoint-80
   - Create a new IIS web site: Sharepoint-UTM
   - Port: random
   - Host Header: none
   - Authentication provider: NTLM
   - Allow Anonymous: No
   - Use Secure Sockets Layer (SSL): No
   - Zone: Custom
3. Sharepoint Central Administration -> Operations -> Alternate Access Mappings:
   - Changed "URL protocol, host and port" to public DNS FQDN (http://portal.company.com)
   - Changed Zone to Default
4. Edited IIS Sharepoint-UTM web site properties:
   - IP address: additional IP address defined earlier
   - TCP port: 80
   - Directory security -> Authentication methods:
     * Only Basic authentication selected
     * Default domain/Realm: internal AD DNS name
5. UTM Webserver Protection:
   - Created new Real Webserver definition with internal additional Sharepoint server IP address and port 80
   - Created new Virtual Webserver definition:
     * Interface: External UTM address
     * Type: Encrypted (HTTPS) & Redirect
     * Port: 443
     * Certificate: SSL certificate from public CA, previously imported on UTM
     * Domains: public FQDN from SSL certificate
     * Real Webservers: Sharepoint
     * Firewall profile: No profile (this should be changed after successful testing to a more restrictive one)
     * Pass Host Header selected
6. UTM Reverse Authentication:
   - Created new Form Template named "Sharepoint" and uploaded custom html and css files (more info on this in another forum thread - Reverse Auth - Custom Form Template)
   - Created new Authentication Profile:
     * Virtual Webserver
       - Name: Sharepoint Reverse
       - Mode: Form
       - Form Template: Sharepoint
       - Users/Groups: Active Directory Users
     * Real Webserver
       - Mode: Basic
       - User name affix: none
     * User session (as desired)
       - Session Timeout: 60 minutes
       - Session Lifetime: Deselected
   - Edited Site Path Routing properties for Sharepoint virtual webserver and changed Reverse Authentication parameter to "Sharepoint Reverse" profile.
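
Added example, not part of the original post or the workaround it quotes: step 4 leaves the Sharepoint-UTM site accepting Basic authentication over plain HTTP on port 80, so one way to check that only the UTM ever talks to it is to scan that site's IIS W3C log for requests whose client IP is not the UTM. The addresses, user names and log lines below are constructed, and the field list is trimmed to what the check needs.

```python
# Added example: flag direct hits on the Basic-auth IIS site that bypass the UTM.
# All addresses, users and log lines are constructed for illustration.
UTM_INTERNAL_IP = "10.0.0.1"   # assumption: the UTM's LAN-side address
BASIC_SITE_IP = "10.0.0.21"    # assumption: the additional IP bound in step 1
BASIC_SITE_PORT = "80"         # step 4: Basic auth over plain HTTP

SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem s-port cs-username c-ip sc-status
2014-03-02 09:14:01 10.0.0.21 GET /default.aspx 80 CORP\\alice 10.0.0.1 200
2014-03-02 09:15:37 10.0.0.21 GET /default.aspx 80 - 10.0.0.57 401
2014-03-02 09:15:38 10.0.0.21 GET /default.aspx 80 CORP\\bob 10.0.0.57 200
2014-03-02 09:16:10 10.0.0.20 GET /default.aspx 80 CORP\\carol 10.0.0.88 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive as the schema."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))

def direct_hits(text, site_ip=BASIC_SITE_IP, port=BASIC_SITE_PORT,
                allowed=(UTM_INTERNAL_IP,)):
    """Requests that reached the Basic-auth site from anything but the UTM."""
    findings = []
    for r in parse_w3c(text):
        if r["s-ip"] != site_ip or r["s-port"] != port:
            continue  # a different site or zone, e.g. the internal NTLM one
        if r["c-ip"] in allowed:
            continue  # expected path: UTM -> real webserver
        # A username other than "-" means Basic credentials were sent,
        # base64-encoded only, over plain HTTP from that client.
        findings.append({"client": r["c-ip"], "user": r["cs-username"],
                         "status": r["sc-status"],
                         "creds_sent": r["cs-username"] != "-"})
    return findings

if __name__ == "__main__":
    for finding in direct_hits(SAMPLE_LOG):
        print(finding)
```

Any finding means the Basic-auth listener is reachable from somewhere other than the UTM; restricting the additional IP on port 80 to the UTM's address closes that path.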