Re: Back to Back ISA and Firewall Chaining

• From: "Goktug Yildirim" <yildirim@xxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 7 Feb 2002 09:08:15 +0200

I have used ip address and also used an account. Acount is the
administrator of the external ISA.
The internal NIC of Internet ISA is configured as disabled `NetBIOS`,
`File and Print Sharing`  and `Client for Microsoft`.
The event viewer says that "Event Type:  Warning
Event Source:   Microsoft Firewall
Event Category: None
Event ID:           14061
Date:                2/7/2002
Time:                9:03:48 AM
User:                N/A
Computer:         HALICARNASSUS
Description:
The Firewall service detected that the upstream proxy server
'172.16.254.1' is not available. If the upstream proxy server
172.16.254.1 becomes available, you may proceed as usual. If it does not
become available, check the status of the upstream proxy server."
Although the IP address is valid.
 
Another point is why firewall chaining is more secure then the creating
rules on the external ISA? Shortly, what is the benefit of firewall
chaning except management cost?
 Thanks for any comment,
 
 
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Thursday, February 07, 2002 12:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Back to Back ISA and Firewall Chaining
 
http://www.ISAserver.org
ISA MMC, Network Configuration, Properties, enter the IP of the upstream
firewall in the appropriate fields.
ISA help also covers this.
 
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
        ----- Original Message ----- 
        From: Lippman, Michael <mailto:Michael.Lippman@xxxxxxxxxxxxxxxx>

        To: [ISAserver.org Discussion List]
<mailto:isalist@xxxxxxxxxxxxx>  
        Sent: Wednesday, February 06, 2002 11:49
        Subject: [isalist] Re: Back to Back ISA and Firewall Chaining
         
        http://www.ISAserver.org
        Can you explain the steps to the firewall chaining method.  I
currently have a back to back configuration but I am not sure firewall
chaining.  
         
        We are experiencing problems with file downloads.  I wonder if
this is why.
         
        MRL
         
        -----Original Message-----
        From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
        Sent: Wednesday, February 06, 2002 11:15 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Re: Back to Back ISA and Firewall Chaining
         
        http://www.ISAserver.org
        Yes, it can; I've done it myself.
        How have you configured the Firewall chain; by name or IP?
         
        Jim Harrison
        MCP(NT4, W2K), A+, Network+, PCG
        http://isaserver.org/authors/harrison/
        Read the books!
                ----- Original Message ----- 
                From: Goktug Yildirim <mailto:yildirim@xxxxxxxxxxxxxxx>

                To: [ISAserver.org Discussion List]
<mailto:isalist@xxxxxxxxxxxxx>  
                Sent: Tuesday, February 05, 2002 03:37
                Subject: [isalist] Back to Back ISA and Firewall
Chaining
                 
                http://www.ISAserver.org
                I am about to configure a back-to-back ISA
configuration.
                As Tom Shinder writes i could chain the firewall
services. But I could not...Internal ISA seems to be unaware of the
external ISA with an eventlog that describes the unavailability of the
other ISA.
                I do not have deep konwledge about firewall chaning and
I think the problem is about the different roles of the ISA servers.
                Shortly, internal ISA is in integrated mode and external
ISA is in firewall-mode. Do you know if firewall chaining can work with
these ISA servers?
                Thanks for any comment,
                Goktug
                 
                 
                PS: Also I want to know why it is more secure using
firewall chaining instead of defining rules to a fix ip addres?
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: jim@xxxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub') 
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: Michael.Lippman@xxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: jim@xxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
yildirim@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Back to Back ISA and Firewall Chaining
• » Back to Back ISA and Firewall Chaining
• » Re: Back to Back ISA and Firewall Chaining
• » Re: Back to Back ISA and Firewall Chaining
• » Re: Back to Back ISA and Firewall Chaining
• » Re: Back to Back ISA and Firewall Chaining

1. Home
2. isalist
3. Archive
4. 02-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---