Deploying the appliance on an internal network segment: Secure remote desktop access deployment guide by Symantec
Bomgar Box™ Secure Deployment Guide Symantec Secure Deployment Recommendations
Internal Network

Deploying the Bomgar Box™ on an internal network segment is ideal when the support base is completely internal or accessible through a VPN. No firewall changes are required because the device and all of the supported clients are internal to the firewall. In environments where the supported users or systems are external to the firewall, Symantec only recommends this deployment location in the event that a DMZ does not exist or when the appliance cannot be deployed externally. An internal deployment of the Bomgar Box™ requires numerous changes to the environment and a solid understanding of perimeter firewall controls and Network Address Translation.

Pros

• If the appliance is utilized to support only internal systems, this location is ideal. Firewall changes will not be required, and connectivity to the appliance is limited to only internal systems.

Cons

• If the appliance is utilized to support systems external to the corporate firewall, the following items must be taken into consideration:
  • Network Address Translation (NAT). If you utilize RFC1918 private IP addresses, such as the 10.0.0.0, 192.168.0.0, or 172.16.0.0 networks, you will have to perform NAT on your perimeter firewall. If you do not use private IP addresses, NAT will not be required.
  • DNS. In NAT environments, you should utilize split-DNS. The external name server must resolve the external IP address of the Bomgar Box™. The internal name server must resolve the internal IP address. Without split-DNS, a situation may occur where internal users will connect to an external IP address to access an internal system. Conversely, if the external DNS resolution resolves the internal IP address, external computers will not be able to connect to the internal IP address because it may be a private address.
  • Firewall Rules. By placing the appliance on an internal network, external Internet-based systems will have the ability to terminate connections on internal systems. This often violates corporate policy and does not adhere to security best practices. Changes to firewall rules will be required in order to allow external systems to connect to the appliance. Additionally, in the scenario highlighted in the DNS section, firewall rules may have to be made to allow internal systems to connect to the device if a split-DNS environment does not exist.
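The NAT and split-DNS conditions listed under Cons can be checked mechanically before go-live. The following is an added example, not part of the Symantec or Bomgar guide; the function names, finding labels and sample addresses are assumptions constructed for illustration, and DNS answers are passed in as lists rather than queried live.

```python
import ipaddress

# RFC 1918 private ranges named in the guide (10/8, 172.16/12, 192.168/16).
# Explicit list: ipaddress.is_private also covers other reserved ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_split_dns(appliance_ip, nat_ip, internal_answers, external_answers):
    """Return a list of findings for one appliance hostname.

    appliance_ip      address configured on the appliance (internal segment)
    nat_ip            public address translated at the perimeter, or None
    internal_answers  A records returned by the internal name server
    external_answers  A records returned by the external name server
    """
    findings = []
    needs_nat = is_rfc1918(appliance_ip)
    if needs_nat and nat_ip is None:
        findings.append("NAT_REQUIRED")  # private address, no translation defined
    if nat_ip is not None and is_rfc1918(nat_ip):
        findings.append("NAT_ADDRESS_IS_PRIVATE")
    expected_external = nat_ip if needs_nat else appliance_ip
    for a in external_answers:
        if is_rfc1918(a):
            # External clients cannot route to a private address.
            findings.append("EXTERNAL_DNS_RETURNS_PRIVATE:" + a)
        elif expected_external and a != expected_external:
            findings.append("EXTERNAL_DNS_UNEXPECTED:" + a)
    for a in internal_answers:
        if a != appliance_ip:
            # Internal users would leave via the external address to reach
            # an internal system, which needs extra firewall rules.
            findings.append("INTERNAL_DNS_NOT_INTERNAL:" + a)
    return findings


if __name__ == "__main__":
    # Constructed sample data: correct split-DNS, then the two views swapped.
    print(audit_split_dns("10.20.30.40", "203.0.113.10",
                          ["10.20.30.40"], ["203.0.113.10"]))
    print(audit_split_dns("10.20.30.40", "203.0.113.10",
                          ["203.0.113.10"], ["10.20.30.40"]))
```

An empty list means both views resolve as the guide requires; each finding maps to one of the failure cases described in the NAT and DNS items.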
© 2003-2008 Bomgar Corporation | All Rights Reserved