Hello all,

We have an application on Pocket PCs that replicates mail for Lotus Notes.

The program resides on users' workstations (they are working on a
server-based version). So for now we have to allow access on a port to several
internal machines. The default port is 603, so I chose 603-610.

I was using static NAT to accomplish this but wanted to use a generic TCP
proxy because we are running out of public IP Addresses and was wondering if
I configured this the correct and most secure way.

I enabled the generic tcp proxy as follows:
Origin server hostname: local machine's private IP address
Origin server port: 603
Proxy IP address: public interface of BorderManager server
Proxy port: 603

I then created an access rule to allow generic TCP proxy as follows:
Origin server port: 603
Source: any
Destination: internal IP address

I then created 2 filter exceptions as follows:
Src Int: Public
Dest Int: public
Src ports: 1024-65535
Dest Port: 603-610
Stateful filtering disabled
Src Addr: any
Dest Addr: Public ip of proxy

Src Int: public
Dest Int: public
Src Port: 603-610
Dest Port: 1024-65535
Src Addr: public ip of proxy
Dest Addr: any

This is the way I got it to work and was wondering if this is the most
secure way to do this.

Any comments and advice are greatly appreciated.

Thanks for your time.
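
One way to sanity-check the filter exceptions listed in the post against the proxy definition, as an added example that is not part of the original post and is not BorderManager code. The rule model, the function names and the `PUBLIC_IP_OF_PROXY` placeholder are assumptions; the port values are transcribed from the post.

```python
from dataclasses import dataclass

PROXY_IP = "PUBLIC_IP_OF_PROXY"   # placeholder, the post gives no address
PROXY_LISTEN_PORTS = {603}        # the post defines one generic TCP proxy, on 603


@dataclass(frozen=True)
class FilterException:
    src_addr: str
    src_ports: range
    dst_addr: str
    dst_ports: range
    stateful: bool = False        # the post has stateful filtering disabled


def ports(lo, hi):
    """Inclusive port range, as written in the filter dialog."""
    return range(lo, hi + 1)


# The two exceptions from the post (interfaces are public/public in both).
EXCEPTIONS = [
    FilterException("any", ports(1024, 65535), PROXY_IP, ports(603, 610)),
    FilterException(PROXY_IP, ports(603, 610), "any", ports(1024, 65535)),
]


def open_ports_without_proxy(exceptions, proxy_ip, listen_ports):
    """Ports the filters admit to the proxy address with no proxy defined on them."""
    admitted = set()
    for exc in exceptions:
        if exc.dst_addr == proxy_ip:
            admitted.update(exc.dst_ports)
    return sorted(admitted - set(listen_ports))


def inbound_without_reply(exceptions, proxy_ip):
    """Non-stateful inbound exceptions that have no mirrored reply exception."""
    missing = []
    for exc in exceptions:
        if exc.dst_addr != proxy_ip or exc.stateful:
            continue
        mirrored = any(r.src_addr == proxy_ip and r.src_ports == exc.dst_ports
                       and r.dst_ports == exc.src_ports for r in exceptions)
        if not mirrored:
            missing.append(exc)
    return missing


if __name__ == "__main__":
    print("open, no proxy:", open_ports_without_proxy(EXCEPTIONS, PROXY_IP, PROXY_LISTEN_PORTS))
    print("no reply rule:", inbound_without_reply(EXCEPTIONS, PROXY_IP))
```

Adding further entries to `PROXY_LISTEN_PORTS` as more proxies are defined shows which of 604-610 are still open at the filter without a proxy behind them.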