RE: Server publishing

Hi Shawn,

Good point. With the SQL publishing scenario, the ISA firewall isn't
providing any security (just like the pix).

However, if there are services behind the ISA firewall that are exposed
to app layer filtering, I'd keep the dual homed ISA box where it is.

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Thursday, July 01, 2004 2:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Server publishing


http://www.ISAserver.org


Yes.  The only time you can have 1 adapter is when ISA is in cache-only
mode in which situation you can only web publish.  The config you show
doesn't really make sense, the ISA would be redundant.  You would just
publish the SQL server via the internal PIX.  What is it you're trying
to accomplish with the ISA?

-Shawn 


-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: nathan [mailto:ncasey@xxxxxxxxxxxxxxxxx] 
Sent: Thursday, July 01, 2004 3:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Server publishing

http://www.ISAserver.org

With server publishing, if I publish a SQL server that sits on the
internal network, does my ISA server need 2 adapters? The SQL server is
acting as a back-end database server for a Web site which is hosted on
web server in a PIX DMZ.
If I do need 2 adapters for server publishing can they both reside in
PIX DMZ's? My network security guy wants all incoming traffic to go
trough the PIX firewall

Internet Router
   (Public IP)
        |
        |
PIX FIREWALL
        |
        |
  Web server 
        |
        |       
PIX FIREWALL
*internal Network*
        |
        |
ISA SERVER
        |
        |
SQL SERVER

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist


Other related posts: