
Access GW without VPN

Hello,

Does someone have a good idea for this problem:
Our CEO wants access to his e-mail from everywhere with his MacBook. But ... he doesn't want to start a VPN tunnel beforehand (with VPN everything is working).
We tested TouchDown via ActiveSync and Mobility Service, this worked well, but this client seems to be too "simple" for him.

On the other side I don't want to open our firewall for direct access via IMAP.

I am at my wits' end.... 😞

Regards
Heiko

Re: Access GW without VPN

On 11.03.2014 16:16, heikoehberger wrote:
>
> Hello,
>
> Does someone have a good idea for this problem:
> Our CEO wants access to his e-mail from everywhere with his MacBook. But
> ... he doesn't want to start a VPN tunnel beforehand (with VPN everything is
> working).
> We tested TouchDown via ActiveSync and Mobility Service, this worked
> well, but this client seems to be too "simple" for him.
>
> On the other side I don't want to open our firewall for direct access via
> IMAP.


Well, we do our best, but miracles still take a while. 😉

Although of course I wouldn't use IMAP. Most customers I know simply
open up the POA port to the outside, with or without added SSL.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de

Re: Access GW without VPN

In article <KXFTu.5956$8g7.4071@novprvlin0913.provo.novell.com>,
Massimo Rosen wrote:
> Although of course I wouldn't use IMAP. Most customers I know simply
> open up the POA port to the outside, with or without added SSL.
>

Why not IMAP?

Other note: you can and probably should set to only allow specific
users for IMAP and/or POP within GWIA's "Class of Service".
It is almost worth setting up a separate GWIA just to properly handle
authenticated SMTP on a port other than 25 that is usually blocked by
home ISPs to combat the spambots. Port 587 is a standard for this:
http://tools.ietf.org/html/rfc6409


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!


Re: Access GW without VPN

On 11.03.2014 18:05, Andy Konecny wrote:
> In article <KXFTu.5956$8g7.4071@novprvlin0913.provo.novell.com>,
> Massimo Rosen wrote:
>> Although of course I wouldn't use IMAP. Most customers I know simply
>> open up the POA port to the outside, with or without added SSL.
>>

> Why not IMAP?


Why IMAP, when he wants the full groupwise functionality?

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de

Re: Access GW without VPN

In article <EkJTu.5984$8g7.1707@novprvlin0913.provo.novell.com>,
Massimo Rosen wrote:
> Why IMAP, when he wants the full groupwise functionality?
>

Well for a Mac, what else is there than the very old native clients?
IMAP is much closer than POP (synced folders and all that) and is what
I use where I can't use native GroupWise.


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!


Re: Access GW without VPN

Massimo Rosen wrote:

> Although of course I wouldn't use IMAP. Most customers I know simply open up
> the POA port to the outside, with or without added SSL.


I would suggest this as well. It's a very valid (and secure) method.

--
Danita
Novell Knowledge Partner
Are you a GroupWise Power Administrator? Join our site.
http://www.caledonia.net/register

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: Access GW without VPN

He definitely wants to use the Mail.app from Mavericks. 😞
He did not use any GroupWise clients.
So it looks like I can only open the IMAP port with the additional restrictions in GWIA that Andy mentioned.
...I have mixed feelings about that ... 😞
But thank you for all your statements.

By the way, he always argues that all other companies are working in this way (mail everywhere without VPN), and if they all use Exchange, that this works?
I have less knowledge about EWP and Exchange, but I am sure some of you know more about the general behaviour of other midsize companies!? How are they working?

Regards

Heiko

Re: Access GW without VPN

heikoehberger wrote:

>
> He definitely wants to use the Mail.app from Mavericks. 😞
> He did not use any GroupWise clients.
> So it looks like I can only open the IMAP port with the
> additional restrictions in GWIA that Andy mentioned.
> ...I have mixed feelings about that ... 😞
> But thank you for all your statements.
>
> By the way, he always argues that all other companies are working in
> this way (mail everywhere without VPN), and if they all use Exchange,
> that this works?
> I have less knowledge about EWP and Exchange, but I am sure some of
> you know more about the general behaviour of other midsize companies!?


It doesn't matter what the backend is. If end users want access to
their e-mail from outside of the organization but don't want to use a
VPN, then this means exposing corporate e-mail services to the public
Internet.

BTW, back when I used to manage a GW environment, I used this open
source IMAP proxy for this situation.

http://www.imapproxy.org/

This way I didn't have to expose IMAP services in the GWIA or POA
directly to the Internet. Instead I used the proxy on a SLES server in
the DMZ, and then that proxy came back into the network to communicate
with GW.

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
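
An added check, not part of any post in this thread and not GroupWise or imapproxy code: before a plain IMAP listener (GWIA itself or a DMZ proxy in front of it) is published, the pre-login CAPABILITY banner shows whether passwords can cross the Internet unencrypted. It relies on the STARTTLS and LOGINDISABLED capabilities defined in RFC 3501; the banners below are constructed samples and the function names are illustrative.

```python
import re

# Constructed pre-login banners (not captured from any real server).
SAMPLES = {
    "plaintext-only": "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN",
    "starttls-optional": "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready",
    "starttls-enforced": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready",
}

def parse_capabilities(line):
    """Return upper-cased capability atoms from an untagged CAPABILITY
    response or from a greeting that carries a [CAPABILITY ...] code."""
    line = line.strip()
    m = (re.search(r"\[CAPABILITY\s+([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)$", line, re.I))
    if not m:
        raise ValueError("no CAPABILITY data in: %r" % line)
    return {atom.upper() for atom in m.group(1).split()}

def assess_cleartext_listener(line):
    """List what a non-TLS IMAP listener permits before encryption starts."""
    caps = parse_capabilities(line)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN permitted before TLS")
    # SASL PLAIN and LOGIN carry the password merely base64-encoded.
    weak = sorted(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})
    if weak:
        findings.append("cleartext SASL before TLS: " + ", ".join(weak))
    return findings

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        findings = assess_cleartext_listener(banner)
        print(name, "->", findings or "acceptable for exposure")
```

An empty findings list means the listener refuses credentials until TLS is negotiated; it says nothing about account restrictions such as the GWIA "Class of Service" settings mentioned earlier in the thread.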

Re: Access GW without VPN

"Joseph Marton" wrote:


> BTW, back when I used to manage a GW environment, I used this open source IMAP
> proxy for this situation.
>
> http://www.imapproxy.org/


That's a nice little option. As a Mac user I too use IMAP, so I might look at
it - if I ever finish the GW 2014 Upgrade Guide and can find a spare moment 😉

--
Danita
Novell Knowledge Partner
Are you a GroupWise Power Administrator? Join our site.
http://www.caledonia.net/register

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: Access GW without VPN

DZanre wrote:

> That's a nice little option. As a Mac user I too use IMAP, so I
> might look at it - if I ever finish the GW 2014 Upgrade Guide and can
> find a spare moment 😉


Well if you're thinking you'll do it when you get a round to it....

http://upload.wikimedia.org/wikipedia/commons/9/93/RoundTuit.jpg

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner

Re: Access GW without VPN

In article <heikoehberger.6auu5z@no-mx.forums.novell.com>, Heikoehberger
wrote:
> By the way, he always argues that all other companies are working in
> this way (mail everywhere without VPN), and if they all use Exchange,
> that this works?
>

Just because others (of the flock) are doing things a particular way
doesn't make it a Best Practice or even a Good Thing. I try to not make
'baaaa' sounds (of bleating sheep) at such advocates, as tempting as that
is. Makes one wish the sounds Lemmings make were more well known.
So many people don't want the personal cost of doing things securely,
until they've been hit personally. <Sigh>


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
