445 port access from DMZ
Since port 445 and READ/WRITE access to an internal server from the DMZ are forbidden due to security guidelines, we are unable to copy files between the two zones. This seems to be a generic problem. What security measures are recommended to allow shared folders and file copies between the two zones, especially when we try to use an automated scheduler?
November 16th, 2010 3:53am

Hi,
Thank you for your post here.
1. You can allow the port 445 traffic in the router between the internal network and the DMZ by defining a specific source and destination. Furthermore, a scheduled allow firewall can be set in the firewall/router to allow the traffic at a particular time.
2. Implement an IPSec rule on the source and destination to authenticate the peer and encrypt the port 445 traffic.
November 17th, 2010 1:16am
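
The two suggestions in the reply above, sketched as an added example that is not part of the original thread: an IPsec rule that requires certificate authentication and encryption for TCP 445 between one DMZ host and one internal server, plus a host firewall rule scoped to that source. It assumes Windows Server 2012 or later on the internal server (the NetSecurity cmdlets do not exist on Windows XP) and machine certificates from a common CA on both peers; the addresses, CA name and rule names are constructed placeholders.

```powershell
# Added example. Run elevated on the INTERNAL file server.
# All addresses, the CA name and the rule names are constructed placeholders.
$DmzHost = '192.0.2.10'    # the single DMZ machine allowed to reach the share
$FileSrv = '10.0.0.20'     # this internal server
$RootCA  = 'DC=com,DC=example,CN=Example Root CA'   # CA that issued both machine certs
$FwRule  = 'SMB in from DMZ host (IPsec only)'

# Peer authentication: machine certificates chained to $RootCA.
$authProp = New-NetIPsecAuthProposal -Machine -Cert -Authority $RootCA -AuthorityType Root
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'SMB DMZ cert auth' -Proposal $authProp

# Quick mode: ESP with integrity and encryption for the SMB traffic.
$qmProp = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA256 -Encryption AES256
$qmSet  = New-NetIPsecQuickModeCryptoSet -DisplayName 'SMB DMZ ESP AES256' -Proposal $qmProp

# IPsec rule: TCP 445 between exactly these two hosts must be authenticated and encrypted.
New-NetIPsecRule -DisplayName 'Require IPsec for SMB from DMZ host' `
    -LocalAddress $FileSrv -RemoteAddress $DmzHost `
    -Protocol TCP -LocalPort 445 `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $authSet.Name -QuickModeCryptoSet $qmSet.Name

# Firewall rule: inbound 445 only from the DMZ host, and only over an
# authenticated, encrypted connection. Created disabled so that it is open
# only while the scheduled copy runs.
New-NetFirewallRule -DisplayName $FwRule `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 445 `
    -RemoteAddress $DmzHost -Authentication Required -Encryption Required `
    -Enabled False

# In the scheduled copy job, open the rule for the transfer window only:
Enable-NetFirewallRule -DisplayName $FwRule
try {
    # ... the file copy from the DMZ host happens during this window ...
    Get-NetIPsecQuickModeSA    # confirm a security association exists for the transfer
}
finally {
    Disable-NetFirewallRule -DisplayName $FwRule
}
```

The DMZ host needs the mirrored IPsec rule (same authentication and crypto sets, `-RemotePort 445` and the addresses swapped). Any broader inbound allow rule for port 445 on the server, such as the built-in File and Printer Sharing rules, has to stay disabled or be scoped so that it does not also match the DMZ address.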

I have started reading about this (http://www.microsoft.com/ipsec) but I still have this question. So whenever a person manually copies a file to a Windows share, or a tool does it using SMB, the OS enforces this IPSec security transparently. Is that correct? I don't want to start on a wrong assumption. Since the DMZ machine is accessible from the internet, anybody can copy a file even with IPSec. Is that correct? I didn't get any details to implement and test transparent peer authentication on my local Windows XP box. Update: I got access to an MS guide.
November 18th, 2010 3:09am

