RE: FYI: ISA on SBS

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 14 Jul 2003 11:21:07 -0500

Hi John,
 
Yes please! I'd like to hear more of your observations on this.
 
However, the problem with the sonicwall firewall setup is that if you
run ISA Server 2000 on the SBS box that runs the Exchange Server, you
cannot avail external users of Exchange RPC publishing. The only way to
do this is to disabling packet filtering, in which case, there's no
point to even installing ISA Server, since its no longer a firewall
without packet filtering protection. The Problem is that there's no way
to disable RPC socket pooling. When you can't disable socket pooling,
you can't create Server Publishing or Web Publishing Rules on that
socket. The only other option is to create packet filters, but in order
to create packet filters, you have to open the entire ephermal range of
ports using static packet filters, which gets back to the poor security
provided by tradition packet filtering based devices like PIX or
sonicwall, and the reason why you want an ISA based appliance in front
of the SBS box so that the customer is able to fully take advantage of
the Exchange Server and remote Outlook 2000/2002/2003 client.
 
Thanks!
Tom
 
 
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>  
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp> 

 

        -----Original Message-----
        From: John Tolmachoff (Lists)
[mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
        Sent: Monday, July 14, 2003 10:39 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: FYI: ISA on SBS
        
        
        http://www.ISAserver.org
        
        

        I'll throw my .02 in here. (Since the doctor spoke so highly of
SonicWall.)

         

        For what Amy is describing, a small business not running their
own Exchange and only using SQL for small internal processes, SBS with
ISA is great.

         

        I think where the need to remove ISA from SBS comes in if you
are going to use SQL heavily or Exchange heavily. In that case, if you
were not going to use OWA, then a SonicWall serving as the firewall
would be fine.

         

        However, I would make one more recommendation: If you are going
to use OWA and want those features of Exchange, use SBS with ISA and a
SonicWall as the first line. SonicWall can be configured in what is
called Standard mode, which does not do NAT, instead emulating the
default gateway. In this way, the SonicWall can stop the majority and
ISA can then be left to handle all the RPC stuff.

         

        I would be more than happy to expand on this idea.

         

        John Tolmachoff MCSE CSSA

        Engineer/Consultant

        eServices For You

        www.eservicesforyou.com

         

         

Other related posts:

• » FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS

1. Home
2. isalist
3. Archive
4. 07-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---