This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Accessing Internal Intranet From External Location

Hi all,

We are running two Sophos SG450 UTM Hardware Appliances 9.505-4) running in active-passive configuration.

I have been tasked with permitting access to our internal Intranet from locations external to our organisation. I have mostly got it working, but I've hit a hurdle that I'm hoping someone will give me a hand to get over.

The Intranet site, let's call it assist.domain.com can be accessed fine, as long as the URL begins with assit.domain.com. However, there are other resources, let's call them cdn.domain.com and profiles.domain.com which are referenced from the Intranet site. These are also on our internal network but I cannot access these links. These resources are located on separate servers from the one hosting our Intranet site.

Could someone please point me in the right direction as to how I may resolve this issue? Is it a case creating separate Real Webservers (and corresponding Virtual Webservers) for each of these resources or can Request Redirection aid in this.

I have Reverse Authentication working on the primary Intranet site but do not want to keep inputting usernames and passwords when accessing the additional resources.

Any help/suggestions would be much appreciated.

Best regards,

John P



This thread was automatically locked due to age.
Parents
  • You need to switch to a technology that can access your whole network.  

    Options are SSL VPN client, html5 VPN to rdp (Which requires a personal desktop or terminal server),  html5 vpn to web page (which runs a very old version of firefox on the user's behalf), or a non-UTM solution like VMware Horizon View.

    Bob Alfson, who knows nearly all about UTM, warns that HTML5 to RDP is high overhead and not intended for more than a very few users.

  • Hi Douglas,

    Thank you for taking the time to respond to my query.

    Can't say that I'm not a tad disappointed in the inability of the UTM Appliance to handle what appears to be a pretty standard requirement. After all, it isn't beyond the realms of reason that an internal Intranet site draws some content from other internal resources.

    Our current method of accessing the Intranet from external locations is via a Microsoft UAG Portal. The web application within the portal has no problem accessing internal resources outside the main Intranet site.

    Looks like we'll have to stick with that discontinued solution for the foreseeable future.

    Best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

Reply
  • Hi Douglas,

    Thank you for taking the time to respond to my query.

    Can't say that I'm not a tad disappointed in the inability of the UTM Appliance to handle what appears to be a pretty standard requirement. After all, it isn't beyond the realms of reason that an internal Intranet site draws some content from other internal resources.

    Our current method of accessing the Intranet from external locations is via a Microsoft UAG Portal. The web application within the portal has no problem accessing internal resources outside the main Intranet site.

    Looks like we'll have to stick with that discontinued solution for the foreseeable future.

    Best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

Children
  • I cannot justify why they have not updated HTML5 VPN Web resource to use a current browser.   I cannot help wondering if the code was inherited in the Astaro acquisition but nobody understands it well enough anymore to make it current.   It would be the solution you want.

    WAF is for protecting a website from hostile web queries.   For that function, you need a WAF virtual webserver for each real website.  If you are letting people into your internal network, you are probably not very worried about hostile queries.