Basically, we have a contractor coming in and handling our phones for our call center.
The way I see it I have two options. They require SSH access to their ASA to manage everything:
1.) Put ASA in DMZ and poke a bunch of holes in our firewall to allow ASA DMZ > Server Internal.
2.) Plop the ASA in the internal network so they can have a straight shot in and not have to poke holes in the firewall. No DMZ at all
We almost always do #1 for all external services, but these guys want ports 23/3389 open to manage their shit and I don't really feel comfortable popping open a hole in the FW for those ports.
What is the best way to go about this?
No comments:
Post a Comment