RE: DMZ perimeter network works withOUT a packet filter

  • From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 24 Jan 2002 13:38:24 -0600

Hi Nigel,

Protocol Rules have *no* effect on routing packets between the network
and the public DMZ segment.

HTH,
Tom
www.isaserver.org/shinder


-----Original Message-----
From: Nigel Carroll [mailto:nigel@xxxxxxxxxxxxxxx] 
Sent: Thursday, January 24, 2002 12:34 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] DMZ perimeter network works withOUT a packet filter

I found that even when I had a packet filter defined all I could do was
ping from PC (see below) which is normal due to the way ICMP is allowed
when IP routing is enabled, so had to define a protocol filter to get
web access. 

I then DISabled the Packet filter and to my surprise discovered that ISA
does NOT block outward access from PC - all that is needed is a Protocol
filter. 

This is contrary to doco I've read (in Tom's book) that says you should
ONLY need a packet filter when using a perimeter network DMZ design like
mine below.
Am I missing something here or is this normal behaviour? 
Nigel

internet
|
|
External NIC
ISA Server
Internal NIC
Priv IP     Pub IP
|             |
|             |
LAN         PC with Pub IP
