Corporate Openfire Server Access from internet

We want to deploy Openfire Server in our corporate network, but we want remote users working out of the office to also connect to the IM Server. We have the option of installing VPN software for these users; the other option is a NAT in our firewall and connecting without VPN software. I don't like this last option very much, for security concerns, but it is the option users are used to now. If we open the port, is there any way to enforce security, placing some kind of gateway in a DMZ, or something like that?

You could place a connection manager in the DMZ I suppose, but I’m not sure what that will give you.

What are you concerned about specifically? There’s always the option of putting the Openfire server in the DMZ (and perhaps using an internal database server for logs etc?).

You really only need open a single port on your firewall for ‘normal’ text traffic and due to its nature, I can’t see there being a massive risk for server compromise using that port.

Just open port 5222 on your firewall and redirect it to the server running Openfire.