Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24
  1. #11
    Untangler
    Join Date
    Nov 2007
    Posts
    55

    Default

    wouldn't VPN be lighter weight and more secure?

  2. #12
    Newbie
    Join Date
    Aug 2008
    Posts
    1

    Default Check you Subnet

    Make sure the IP address for the machine you are using to connect to the network via VPN is a different subnet than the SBS Network, in other words you are at home with your laptop trying to gain access to the network resources at the office. The Ip at the office is 192.168.1.x, make sure your ip on the laptop is different (192.168.0.x or 192.168.12.x) this should allow you to then use UNC for machine lookups.

  3. #13
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,565

    Default

    Quote Originally Posted by jcyphert View Post
    wouldn't VPN be lighter weight and more secure?
    RWW is secure, httpS. As long as you have a decent Administrator password, and the RWW enabled user accounts (you can control which users are allowed to use it) have decent passwords...you're quite secure. These are things that you the admin can EASILY control and enforce.

    No information for logging into the network is left behind. How many "road warrior laptops" do you know..that have pre-configured VPN client dialers...meaning, username and password are "saved". Quite a few. So if a staff laptop is lost/stolen, whoever gets their hands on it can easily potentially access your entire network...double click that VPN connection..login because the username/password is saved. Free to poke around if they know what they are doing. With RWW...username and password are by default removed, and all data done during the login is "poof"...gone. Nothing left behind.

    With VPN there is good chance of data going back 'n forth between host network..and the remote VPN client (including the network the remote client is on). As some of us know...some malware/trojans/worms can easily spread across networks via IP/UNC. Client computers that VPN into a central network become part of that network...so if a VPNd client has a worm or trojan or something like that...there is a possibility that it can jump into the central office network. With RWW...this cannot happen.

    RWW is a great tool for remote access. Very easy for end users to use. Makes connecting to their workstations at the office (or terminal server on the network) very easy, hardly any setup headaches for the IT person, you don't need to have static IPs on the workstations, or worry about name resolution. Also gives access to Exchange OWA, as well as Sharepoint.

  4. #14
    zay
    zay is offline
    Master Untangler zay's Avatar
    Join Date
    Aug 2008
    Posts
    103

    Default

    Quote Originally Posted by YeOldeStonecat View Post
    Why bother going through all the trouble of remote desktop and finding workstation names/IPs...when the Remote Web Workplace portal takes care of all of this for you?
    https:\\servernameorIP\remote
    That is true. You might want to make sure you change the UT's SSL port to something else, because in order to access RWW, you need 443, 4125 open for it. If your UT is functioning as a router and firewall make sure you configure the port forwarding properly.
    What does it profit you to gain the world and lose your soul?

  5. #15
    Newbie
    Join Date
    Aug 2008
    Posts
    9

    Default

    Can UT be configured to use WINS (either running as a WIN server over pointing to the SBS server as the WINS server)

  6. #16
    zay
    zay is offline
    Master Untangler zay's Avatar
    Join Date
    Aug 2008
    Posts
    103

    Default

    Good advice YeoldStonecat. You will also have to change the SSL port on UT to something else because RWW uses port 443. You also need to open ports 4125 for RWW. 444 for sharepoint, 1723 for vpn (sbs comes with it's own vpn setup that works great). make sure you configure the port forwarding on the UT if your are using the firewall plugin.
    What does it profit you to gain the world and lose your soul?

  7. #17
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,565

    Default

    Quote Originally Posted by zay View Post
    Good advice YeoldStonecat. You will also have to change the SSL port on UT to something else because RWW uses port 443. You also need to open ports 4125 for RWW. 444 for sharepoint, 1723 for vpn (sbs comes with it's own vpn setup that works great). make sure you configure the port forwarding on the UT if your are using the firewall plugin.
    Yup...I usually change to 8443
    I don't open/forward the VPN ports....with RWW there is not reason for port 1723, no reason for VPN.
    On most of my clients, I have a biz grade router that supports VPN, so I use that. I always prefer hardware VPN on an appliance, rather than software VPN adding another service to a server.

  8. #18
    zay
    zay is offline
    Master Untangler zay's Avatar
    Join Date
    Aug 2008
    Posts
    103

    Default

    Quote Originally Posted by YeOldeStonecat View Post
    Yup...I usually change to 8443
    I don't open/forward the VPN ports....with RWW there is not reason for port 1723, no reason for VPN.
    On most of my clients, I have a biz grade router that supports VPN, so I use that. I always prefer hardware VPN on an appliance, rather than software VPN adding another service to a server.
    Yeah I agree with you. I had some clients that even though they can access RWW, they still insist on the VPN. I preached and plead, but some old is old school and stuck in their ways. So they have both, hence the need to open 1723. But hey as long as they are happy, I get paid
    What does it profit you to gain the world and lose your soul?

  9. #19
    Untangler
    Join Date
    Nov 2007
    Posts
    55

    Default

    Yes, BUT... how badly will RWW hamper a single DSL Connection? That was the only reason I didn't recommend RWW. If I have an office for of staff working online "surfing and playing games" and ten people out in the field actually trying to work will it be slower then just giving them access to their files. I had intended to make them report lost and stolen laptop ASAP. This way I can just Disable that VNC client.

    Not arguing, just trying to find the BEST solution. THANKS for all the help thus far

  10. #20
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Default

    Urm... web traffic is WORLDS smaller than windows file and print sharing. VPN + direct file access is far heavier than https on IIS ever will be.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2