Hi Shawn, Good point. With the SQL publishing scenario, the ISA firewall isn't providing any security (just like the pix). However, if there are services behind the ISA firewall that are exposed to app layer filtering, I'd keep the dual homed ISA box where it is. Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Thursday, July 01, 2004 2:11 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Server publishing http://www.ISAserver.org Yes. The only time you can have 1 adapter is when ISA is in cache-only mode in which situation you can only web publish. The config you show doesn't really make sense, the ISA would be redundant. You would just publish the SQL server via the internal PIX. What is it you're trying to accomplish with the ISA? -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: nathan [mailto:ncasey@xxxxxxxxxxxxxxxxx] Sent: Thursday, July 01, 2004 3:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] Server publishing http://www.ISAserver.org With server publishing, if I publish a SQL server that sits on the internal network, does my ISA server need 2 adapters? The SQL server is acting as a back-end database server for a Web site which is hosted on web server in a PIX DMZ. If I do need 2 adapters for server publishing can they both reside in PIX DMZ's? My network security guy wants all incoming traffic to go trough the PIX firewall Internet Router (Public IP) | | PIX FIREWALL | | Web server | | PIX FIREWALL *internal Network* | | ISA SERVER | | SQL SERVER ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist