LDAP Between LANs [message #115272] Tue, 05 August 2014 05:07
gskibum
Messages: 60
Registered: October 2011
I am setting up a set of web servers inside a single network, each with a unique public IP.

Each of these servers will need to contact their respective LDAP servers in remote networks. All of these networks are using Kerio Control firewalls.

I am trying to set up rules that will restrict LDAP & LDAPS communication between the web servers and their home office LDAP servers.

I can easily get a rule that opens up LDAP & LDAPS to the WAN to work, but that isn't secure enough.

Any suggestions?

Thank you!
Re: LDAP Between LANs [message #115273 is a reply to message #115272] Tue, 05 August 2014 05:58
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
I assume you have tried using your web servers' IPs and LDAP servers' IPs as source and destination in separate traffic rules and they do not work?

M.


PTSD. BP. OCD. ASPD. BPD. Certified.
Re: LDAP Between LANs [message #115274 is a reply to message #115273] Tue, 05 August 2014 06:17
gskibum
Messages: 60
Registered: October 2011
I think so, if you mean separate rules on the different firewalls. That I have tried. If you mean both rules on the same firewall then I have not barked up that tree yet. And I don't know where the tree is!

Edit:

What I can get to work in a rather wide-open fashion:

Source: Any.
Destination: Public IP of LDAP host.
Service: LDAP & LDAPS.
Translation: MAP - IP of LDAP server or MAP - FQDN of LDAP server.

Beyond that I break it.

[Updated on: Tue, 05 August 2014 06:41]


Re: LDAP Between LANs [message #115277 is a reply to message #115274] Tue, 05 August 2014 06:56
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
And if the source were the public IP address of the web server, what would the result be?

M.


PTSD. BP. OCD. ASPD. BPD. Certified.
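To make the difference between the two rule shapes discussed in this thread concrete (gskibum's working rule with Source: Any, and the rule mlee asks about with the web server's public IP as the source), here is a small Python model of first-match traffic-rule evaluation. It is an added example and not part of the thread, not Kerio Control's code, and not its rule syntax; the IP addresses are RFC 5737 documentation addresses constructed for the example, and the rule fields (name, sources, destination, ports, action) are the example's own simplification of a traffic rule.

```python
"""Toy first-match evaluator for the two LDAP/LDAPS rule shapes from the thread.
Added example, not Kerio Control's own logic; addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

LDAP_PORTS = frozenset({389, 636})  # LDAP and LDAPS (the "Service" column)


@dataclass(frozen=True)
class Rule:
    name: str
    sources: Optional[Tuple[str, ...]]  # None stands for "Any"
    destination: str                    # public IP of the LDAP host
    ports: frozenset
    action: str                         # "allow" or "deny"


def source_matches(rule: Rule, src_ip: str) -> bool:
    """True if src_ip is covered by the rule's source list ("Any" covers all)."""
    if rule.sources is None:
        return True
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(net, strict=False) for net in rule.sources)


def evaluate(rules, src_ip: str, dst_ip: str, port: int) -> str:
    """First matching rule wins; no match falls through to an implicit deny."""
    for rule in rules:
        if source_matches(rule, src_ip) and rule.destination == dst_ip and port in rule.ports:
            return rule.action
    return "deny"


def overly_permissive(rules):
    """Names of allow rules that expose LDAP/LDAPS to any source at all."""
    return [r.name for r in rules
            if r.action == "allow" and r.sources is None and r.ports & LDAP_PORTS]


# Constructed addresses (RFC 5737 ranges), not values from the thread.
LDAP_HOST = "203.0.113.10"                            # public IP of the LDAP host
WEB_SERVERS = ("198.51.100.5/32", "198.51.100.6/32")  # the web servers' public IPs
STRANGER = "192.0.2.77"                               # an unrelated Internet host

# The wide-open shape from the thread: Source Any, Destination the LDAP host.
WIDE_OPEN = [Rule("LDAP from Any", None, LDAP_HOST, LDAP_PORTS, "allow")]
# The narrowed shape: only the web servers' public IPs as source.
RESTRICTED = [Rule("LDAP from web servers only", WEB_SERVERS, LDAP_HOST, LDAP_PORTS, "allow")]


def compare(src_ip: str, port: int = 636) -> dict:
    """Outcome of the same connection under both rule sets."""
    return {
        "wide_open": evaluate(WIDE_OPEN, src_ip, LDAP_HOST, port),
        "restricted": evaluate(RESTRICTED, src_ip, LDAP_HOST, port),
    }


if __name__ == "__main__":
    for src in ("198.51.100.5", STRANGER):
        print(src, compare(src))
    print("overly permissive:", overly_permissive(WIDE_OPEN))
```

The point the model makes is that both rule sets let the web server reach the LDAP host, but only the narrowed one turns an unrelated source away at the firewall instead of leaving LDAP/LDAPS exposed to the whole WAN; `overly_permissive` is the kind of check worth running over an exported rule list to catch the wide-open shape.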