A thank you to all (even the wisenheimers!). Discussions have begun with our network team using the input provided here as baseline issues. Thanks again! Let me add something, I just read - http://www.isaserver.org/tutorials/Understanding_SSL_bridging_and_tunnel ing_within_ISA.html - and one of our issues is connecting to a specific site that uses https. All that they say is needed is port 80 and 443. Yet the darn thing keeps timing out/locking up! We have multiple banking sites that we use that do not have issues...could ISA be the problem? Vendor states that they have read about known issues with ISA and SSL? They couldn't provide any links and I haven't been able to find them. Any thoughts? Eric Poole IS Security Analyst Community Medical Centers <http://communitymedical.org/> 1140 "T" Street, Fresno, California 93721 559-459-6784 (phone) 559-459-2045 (fax) -----Original Message----- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>@CHCC Sent: Friday, August 29, 2003 11:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Connection Issue http://www.ISAserver.org True, good points. It all comes down to what a MS security tech told us at a conference. Security is like a triangle, with the points being cost, functionality and security. Some where in the triangle is the point for each company. Our job is to find that point. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Friday, August 29, 200310:14 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Connection Issue Due to obvious security issues I won't discuss the configuration of our corporate firewalls. However, there is quite an advantage to having a multiple-system firewall. A vulnerability of one system is typically not going to be a vulnerability in another system so your protection against attack is greatly increased with mixed systems. ISA can handle itself, I agree. But if/when something does get through ISA another wall behind it would give admins more time to react to the breach before the internal network is compromised. Same reason they built castles with an outer wall. The biggest question then is how willing is your company to throw the required resources at a multiple-system firewall? More systems require more money and they add a great deal of complexity to the solution. From a pure security standpoint it is the best solution. You just have to weigh it against your purse and your corporate culture. -Shawn ----- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: epoole@xxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')