| This question is to anyone who can shed some light on the positioning of
| lotus notes servers and the firewall. We are planning to install a
| notes server located both on the outside of the firewall and on the
| inside. We have vendors that need to post to the server from the
| internet. After they dump their data to this server it is then
| retrieved by the inside notes server. At first I was told this was a
| 'pull' technology from the inside server, now I am being told it is a
| 'push' from the outside...is this not a security hazzard. What if a
| 'hacked' applet or other virus makes it way through the f/w. I will be
| using a pass thru proxy that CyberGuard provides, but I don't think
| this is sufficient protection. Where should the servers be located? Any
| comments or help is greatly appreciated...
| jle9 @
Push or Pull doesna matter, it just depends on who initiates the
transfer, the server inside the firewall ( pull ) or the server outside
( push ) - either way the data gets replicated.
So, for what it is worth, if I had to do this ( and I am in the
process of doing this ) what I would do is the following.
- one server on the outside of the firewall - accessible from the 'Net
- main server on the inside protected by the firewall
- replicate between the servers a couple of times a day by a dial up line
- clean up your external databases daily
This way you have complete control of:
- which server talks to which server and when
- to an extent what data is externally availble ( daily clean up )
- You can even inspect all the information posted to the external
server before you replicated, if you really wanted to, via some
sort of virus/macro scanner.
In addition there is no direct LAN type connection between the servers,
only a dial up line that is only used to replicate between the two
servers, hence the business of the proxy becomes moot.
As to hacked applets and the like, I think that with the setup
described above that common sense in executing any attachements would
suffice, that and some sort of virus/macro scanner executed on all
the external data prior to replication.
The only thing I am not 100% sure of is whether or not there exists a
virus/macro scanner that would detect stuff within a Notes database.
Hope this helps.