Re: I need info please on SA SSL VPN

vantheman_ · ‎01-02-2009

This is more a general help question that a technical one.

i have a 3rd party business partner requiring access to a couple of apps and Terminal Servers on our network. They are a paranoid lot and have locked down their corporate PCs to the level where hosts file mods are not allowed.

I want to convince them that the SA is perfectly safe, even if they allow mods to the hosts file for loopbacks via an AD policy and further that this is the only way that I will allow them to access our network anyway - so like it or lump it.

We use JSAM on our intranet for a flashy flash slide show and this is the basic issue. JSAM requires mods to hosts file.

TS client i can provide for their Admins to load on PCs requiring TS/app access but i need more high level to take to their senior mgmt as opposed to tech stuff for their IT Dept. thereby hoping that their mgmt instruct IT to lossen the reins a little bit. IT says anything that modifies the hosts file exhibits virus like behaviour.

i have been through all the product borchures and cannot find even a model network diagram showing where and why we use an SA 2000 for ALL of our remote access.

can anybody help please?

Jickfoo_ · ‎11-06-2007

Set them up a role which will bring them to a menu with links for Terminal Services and a Launch NetConnect Icon. Lock down NetConnect so you are only giving them access to particular ports on specific hosts.

It's as secure as JSAM and no need to alter the hosts file.

Another thought..

What gets added to their hosts file when they login ? If it's fairly static, could they add entries to their DNS Server.. ie Server1 = 127.0.0.5 ?

If all they need is name resolution to make this work, then adding a couple entires to their DNS should do the trick.

Good Luck