I'm using Zimbra Network Edition 6.0.1 in a network architecture where I have a firewall with these 3 interfaces:
- external DMZ (public network)
- LAN (private network)
- Internet (public network)
One Zimbra Store and one Zimbra Proxy have been installed in the LAN, so my firewall (FW) does this translation for every user who accesses from the Internet:
(Internet user) Public IP → Public IP Zimbra (Virtual Public IP in my DMZ) TRANSLATED INTO:
(Internet user) Public IP → Internal Zimbra proxy (Private IP in my LAN)
Zimbra proxy has a static route to my firewall to answer EXTERNAL requests.
1) I'd like to move Zimbra Proxy to the external DMZ and to keep Z.Store in the LAN.
I'd like my FW to use a NAT mechanism to permit access to the internal Z.Store.
Someone told me that this doesn't work as there are communication problems between Z.Store and Z.Proxy with a NAT mechanism, because the Zimbra protocol doesn't support NAT.
2) I'd like to solve an access problem to Zimbra store from the private network.
Actually Z.Store and Z.Proxy are in a private internal network. We use two different DNS:
- DNS (E): domain EXTERNAL.COM, for INTERNET (e.g. for Web service, mail domain,...)
- DNS (I): domain INTERNAL.COM, for my LAN (all machines inside LAN)
Z.Store, Z.Proxy and internal clients are using DNS 'I'.
Zimbra code refers to Z.Store using the name 'zstore.external.com' and to Z.Proxy using 'zi.external.com'.
When people access from Internet there are no problems.
When people access from the LAN, they type http://IPADDRESS of the Zstore server directly into their browsers; sometimes Zimbra HTML code refers to 'http://zstore.external.com' and user clients are not able to resolve this 'zstore.external.com' because they use DNS 'I'.
I'd like to avoid adding a new subzone 'internal.com' into my DNS 'I' for the Zimbra machines.
Can you suggest an alternative solution?