RE: Firewall Client & Default Gateway

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 10 May 2004 14:28:01 -0500

Hi Rob,

Since I wrote it, I'll tell you my reasoning:

1. Because users can access ICMP and PPTP (if you have enable PPTP
passthrough) without authenticating because the secret filters that
allow outbound access to these connections do not support user/group
authentication, and that's no entirely secure, and packet filters can't
control outbound access from LAT hosts.

2. Assign yourselves a default gateway, then you can access these
protocols.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx] 
Sent: Monday, May 10, 2004 12:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Firewall Client & Default Gateway


http://www.ISAserver.org

Hello--

In "Configuring ISA Server 2000," Dr. Shinder writes, regarding
configuring a firewall client with a default gateway, "In your
production environment, you should not configure your firewall clients
with a default gateway." (page 400)

Two questions:
1. Why not?
2. What about a few of us in IT who need to be able to ping? Should I
configure these machines with a default gateway, or configure them as
SecureNAT clients?

I guess that's kind of three questions. Oh, well.

Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore, MCSE
Network Manager
American Friends Service Committee
215-241-7870
rmoore@xxxxxxxx

Our greatest glory is not in never failing but in rising every time we
fall.
                       --Confucius


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Firewall Client & Default Gateway
• » Re: Firewall Client & Default Gateway
• » Re: Firewall Client & Default Gateway
• » RE: Firewall Client & Default Gateway

1. Home
2. isalist
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---