http://www.ISAserver.org ------------------------------------------------------- The first assumption we have to squash is that a firewall can know the destination by name. This is only possible for HTTP traffic. Anything else is known only by IP address. This is one reason your Cisco is IP-limited (but by no means the only reason). ISA is no different in this regard; most protocols don't provide a mechanism for the firewall to know the destination by name and reverse-lookups on the Internet are pretty much a guaranteed path to giggling baldness. Jim -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Hodgson Sent: Friday, October 24, 2008 4:33 AM To: isalist Subject: [isalist] Stupid question regarding firewall client and VLAN topology http://www.ISAserver.org ------------------------------------------------------- Hi, I wish to get more out of our ISA server by allowing users to connect to specific sites/remote servers, but at the moment this is controlled by our Cisco firewall via IP and port only, and I wish to restrict to applications and DNS names, something which I believe is possible via the ISA firewall client. Our current topology is as follows: Firewall with DMZs. Core switches acting as VLAN routers for several internal VLANs, including a server VLAN. Edge switches connecting to clients. If we put the ISA server in the server VLAN, and have the other NIC connected on the other side of the firewall, and the clients use the router IP address as the default gateway, how will this actually work? Thanks. Andrew. -- allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@xxxxxxxxxx This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx