Thanks for the reply guys. :-) Really appreciate your inputs.
To answer apatosaur.9, my zcs server is behind a UTM and not in DMZ. It's part of the private LAN.
Somehow it looks like this:
Internet--->UTM---->ZCS---->Users
And with this setup, users can access their mails from anywhere with internet connection via https.
We somehow want to make it like this:
External Users-->VPN--->Internet--->UTM--->ZCS--->Internal Users
What we want to happen is for the users to make use of VPN in order to get their mails. Not just ordinarily from any Internet connection.
The reason behind this is to discourage the users from using Internet shops/cafes to access their mails, since alot of these internet shops have keyloggers in their workstations. Several of our user accounts have been already compromised by this type of access from Internet shops/cafes.
If there will be a better suggestion rather than just using VPN, it would be highly appreciated.
Thanks in advance. |