[isalist] Re: Stupid question regarding firewall client and VLAN topology

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 24 Oct 2008 09:52:19 -0700

http://www.ISAserver.org
-------------------------------------------------------

The first assumption we have to squash is that a firewall can know the 
destination by name.
This is only possible for HTTP traffic.
Anything else is known only by IP address.
This is one reason your Cisco is IP-limited (but by no means the only reason).
ISA is no different in this regard; most protocols don't provide a mechanism 
for the firewall to know the destination by name and reverse-lookups on the 
Internet are pretty much a guaranteed path to giggling baldness.

Jim

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Andrew Hodgson
Sent: Friday, October 24, 2008 4:33 AM
To: isalist
Subject: [isalist] Stupid question regarding firewall client and VLAN topology

Hi,

I wish to get more out of our ISA server by allowing users to connect to
specific sites/remote servers, but at the moment this is controlled by
our Cisco firewall via IP and port only, and I wish to restrict to
applications and DNS names, something which I believe is possible via
the ISA firewall client.

Our current topology is as follows:

Firewall with DMZs.
Core switches acting as VLAN routers for several internal VLANs,
including a server VLAN.
Edge switches connecting to clients.

If we put the ISA server in the server VLAN, and have the other NIC
connected on the other side of the firewall, and the clients use the
router IP address as the default gateway, how will this actually work?

Thanks.
Andrew.

--
allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, 
Hereford, HR1 3SE.
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.

Telephone: 0870 243 3434, Fax: 0870 243 6041.
Website: www.allpay.net
Email: enquiries@xxxxxxxxxx

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
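
The point made in the reply at the top of this thread, as an added example that is not part of the original messages: a filter can apply a name-based rule only when the client's own bytes state the destination name, as an HTTP request does, and must fall back to the IP address for anything else. The function names, rule format and sample payloads are constructed for illustration and are not ISA Server's API.

```python
import ipaddress
import re

# Request line of an HTTP/1.x request: METHOD SP target SP HTTP/1.x
_REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def destination_name(first_bytes):
    """Return the destination host name stated by the client, or None.

    Only an HTTP request carries it (absolute URI or Host header); for
    any other payload the filter has nothing but the destination IP.
    """
    lines = first_bytes.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    m = _REQUEST_LINE.match(lines[0])
    if not m:
        return None                          # not HTTP: no name on the wire
    target, host = m.group(2), b""
    if target.lower().startswith(b"http://"):
        host = target[7:].split(b"/", 1)[0]  # proxy-style absolute URI
    else:
        for line in lines[1:]:
            key, _, value = line.partition(b":")
            if key.strip().lower() == b"host":
                host = value.strip()
                break
    if b":" in host:                         # drop an optional :port
        host = host.rsplit(b":", 1)[0]
    return host.decode("ascii", "replace").lower() or None

def decide(dst_ip, first_bytes, allowed_names, allowed_nets):
    """Return (basis, allowed): match by name when one is available,
    otherwise only by destination IP address."""
    name = destination_name(first_bytes)
    if name is not None:
        return ("name", name in allowed_names)
    ip = ipaddress.ip_address(dst_ip)
    return ("ip", any(ip in ipaddress.ip_network(n) for n in allowed_nets))

# Constructed sample payloads (first bytes sent by the client).
HTTP_REQ = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
PROXY_REQ = b"GET http://intranet.example.net:8080/ HTTP/1.1\r\n\r\n"
SMTP_CLIENT = b"EHLO client.example.org\r\n"  # names the client, not the server

if __name__ == "__main__":
    names, nets = {"www.example.com"}, ["192.0.2.0/24"]
    for label, ip, data in [("http", "203.0.113.5", HTTP_REQ),
                            ("proxy", "203.0.113.6", PROXY_REQ),
                            ("smtp", "192.0.2.10", SMTP_CLIENT)]:
        print(label, destination_name(data), decide(ip, data, names, nets))
```

The SMTP sample shows why a host name appearing in the payload is not enough: the name in EHLO identifies the sender, so the rule for that connection can only be written against the destination address.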

