6 Replies Latest reply: Nov 26, 2014 12:17 PM by David Cohen RSS

    Access QMC via external ip

      Howdy,

       

      I had my IT guys set up an external IP address to get accesspoint anywhere on the web...

       

      Any idea why i can't get access to the QMC via this same external ip?

        • Re: Access QMC via external ip
          Marcus Sommer

          Maybe there are blocked ports or firewall / group policy restricted the access - but you should think carefully if you makes your server available from external. It's rather not recommended - you could use VPN.

           

          - Marcus

            • Re: Access QMC via external ip

              Thanks for your response Marcus,

               

              Do you say that, even though we authenticate using active directory credentials? Is it really a big security concern?

               

              -David

                • Re: Access QMC via external ip
                  Marcus Sommer

                  I couldn't say how great the risks are. The server could be ddos attacked, exploits against browser / protocolls / services, staff could leave the company ... What is responsible and what is paranoid? I don't know.

                   

                  - Marcus

                  • Re: Access QMC via external ip
                    Joseph Simmons

                    Agree with Marcus here, certainly wouldn't recommend it

                    • Re: Re: Access QMC via external ip
                      Bill Markham

                      David

                       

                      If you really, really want to access AccessPoint from a browser on the external web, then the way I have done it is :

                       

                      • Build additional new QV Web Server with IIS in the DMZ
                        • With SSL enabled for https
                        • Implement additional security within IIS and other methods
                          • [I won't divulge details of this on a public forum as it could be read & exploited by hackers]
                        • Only open the https firewall port from this DMZ server to the web
                      • Leave existing QV Server on the LAN
                        • Only open the mandatory QV Server firewall ports from this server to the  DMZ QV Web Server with IIS

                       

                      DO check with your powers to be about your company's security policies.

                       

                           *******************************************

                       

                      Opening any ports from the external web direct through to your LAN is very insecure.

                       

                      This is not the case how I have done it as the additional new QV Web Server with IIS in the DMZ acts as broker and allows no direct access web to LAN.

                       

                      If in doubt be very paranoid and make sure anything you do is approved at a senior level above you.

                  • Re: Access QMC via external ip

                    Thank you for your help guys!

                     

                    The VPN can be such a pain for users...we're hoping to have a secure enviroment with this external IP...

                     

                    Though i'm getting the impression that's not possible to do it while being secure