RE: automatically detect isa server problem

• From: "JosephK" <josephk@xxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 20 Jul 2005 10:23:16 -0700

That's actually an interesting concept. I only have mail forwarders and 
a sniffer in my honeypot dmz. Do you think that it is a good idea to
keep
a second domain in the DMZ domain? And what are some additional benefits
of 
doing so?
Thank you,
Joseph

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Wednesday, July 20, 2005 10:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: automatically detect isa server problem

http://www.ISAserver.org

Well, I wouldn't say "no reason" like that... My FE ISA server is a
member 
of the DMZ domain for the same reason.  Of course, the DMZ domain and
the 
internal domain don't have anything to do with each other-- but things
like 
authentication and group policy are quite valid reasons to have even a
FE 
ISA as a domain member.   But I know you know that ;)

t

----- Original Message ----- 
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, July 20, 2005 10:00 AM
Subject: [isalist] RE: automatically detect isa server problem


http://www.ISAserver.org

Hi Joseph,

Exactly. Since there isn't a net increase in the level of security
offered by the front-end being a domain member, there's no reason to do
so. What gets me are those who won't join the ISA firewall to the domain
because they're afraid men from Mars will come here and not get Measles.

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



> -----Original Message-----
> From: JosephK [mailto:josephk@xxxxxxxxx]
> Sent: Wednesday, July 20, 2005 11:51 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
>
> http://www.ISAserver.org
>
> Hi Thomas,
> I join the internal ISA box in my back to back to the domain.
> The front end ISA box isn't joined to the domain.  And I
> agree that the
> front end really doesn't need to be added to a domain.
>
> Joseph
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, July 20, 2005 5:33 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
>
> http://www.ISAserver.org
>
> ARRRGGG!
>
> Join that ISA firewall to the domain ASAP. It's a more secure
> config and
> then your Firewall clients will work (which is just one of the many
> reasons why a domain joined ISA firewall is more secure).
>
> I always join ISA firewalls to the domain when appropriate. The only
> time when it wouldn't provide an enhanced security posture is
> in a back
> to back config, when the front end isn't doing any auth chores and
> you're running an anonymous access DMZ between the front end and back
> end.
>
> HTH,
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > Sent: Wednesday, July 20, 2005 7:29 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> >
> > http://www.ISAserver.org
> >
> > Firewall is a standalone server. (not member of any domain)
> Client is
> > not member of any domain.
> > DNS server is AD domain controller. (this is my personal exchange
> > server, hence the AD.....)
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Wednesday, July 20, 2005 2:19 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> >
> > http://www.ISAserver.org
> >
> > Hi Info,
> >
> > Are the clients members of the same domain as the ISA firewall?
> >
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > Sent: Wednesday, July 20, 2005 7:15 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > > http://www.ISAserver.org
> > >
> > > It takes about 4 seconds before it syas: Failed to detect
> > ISA Server.
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Wednesday, July 20, 2005 2:06 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Info,
> > >
> > > OK, sounds good so far.
> > >
> > > What happens when you click Detect Now?
> > >
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > Sent: Wednesday, July 20, 2005 6:57 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > >
> > > > The configuration must almost be correct, since the
> > autodetect does
> > > > work, after I do an explicit "ping wpad" from the client.
> > > >
> > > >
> > > >
> > > > Dns is setup as follows:
> > > >
> > > > Wpad alias (cname) boss_lan.fels.us
> > > > Boss_lan host (A) 10.1.0.1
> > > > Boss_dmz host (A) 10.2.0.1
> > > >
> > > > Default gateway of the client is 10.1.0.1
> > > >
> > > > Client is on the "Internal" network.
> > > >
> > > > "Internal" network settings on isa firewall:
> > > >
> > > > Firewall client support is enabled.
> > > > Isa server name is set to "boss_lan.fels.us"
> > > > Automatically detect settings is selected.
> > > >
> > > > Publish automatic discovery information is selected,
> > default port 80
> > > >
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > Sent: Wednesday, July 20, 2005 1:26 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > What are they?
> > > >
> > > > Tom
> > > > www.isaserver.org/shinder
> > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > Sent: Wednesday, July 20, 2005 6:22 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Hi there,
> > > > >
> > > > > I believe they are correct. What can I do?
> > > > >
> > > > > -----Original Message-----
> > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > Sent: Wednesday, July 20, 2005 1:12 PM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Hi Info,
> > > > >
> > > > > Sounds like the Firewall client listener settings aren't
> > > configured
> > > > > correctly.
> > > > >
> > > > > HTH,
> > > > >
> > > > > Tom
> > > > > www.isaserver.org/shinder
> > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > http://tinyurl.com/3xqb7
> > > > > MVP -- ISA Firewalls
> > > > >
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: info@xxxxxxx [mailto:info@xxxxxxx]
> > > > > > Sent: Wednesday, July 20, 2005 6:03 AM
> > > > > > To: [ISAserver.org Discussion List]
> > > > > > Subject: [isalist] automatically detect isa server problem
> > > > > >
> > > > > > http://www.ISAserver.org
> > > > > >
> > > > > > Hello,
> > > > > >
> > > > > > I have a strange problem with "wpad".
> > > > > >
> > > > > > My isa firewall client will not automatically detect the
> > > > isa server.
> > > > > > Only after I explicitly do a "ping wpad" from the firewall
> > > > > > client, the dns
> > > > > > cache is filled on the client with the wpad entry.
> Only then,
> > > > > > the firewall
> > > > > > client can "automatically" detect the isa server.
> > > > > >
> > > > > > Why do I have to explicitly do a "ping wpad". According to
> > > > > > the manual, the
> > > > > > firewall client is supposed to do it.
> > > > > >
> > > > > > In my scenario, there is only 1 isa server and the
> dns server
> > > > > > is running
> > > > > > on a different server.
> > > > > >
> > > > > > ------------------------------------------------------
> > > > > > List Archives:
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > > ISA Server Newsletter:
> > > > http://www.isaserver.org/pages/newsletter.asp
> > > > > > ISA Server FAQ:
> > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > > ------------------------------------------------------
> > > > > > Other Internet Software Marketing Sites:
> > > > > > World of Windows Networking:
> http://www.windowsnetworking.com
> > > > > > Leading Network Software Directory:
> http://www.serverfiles.com
> > > > > > No.1 Exchange Server Resource Site:
> http://www.msexchange.org
> > > > > > Windows Security Resource Site:
> http://www.windowsecurity.com/
> > > > > > Network Security Library: http://www.secinf.net/
> > > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > > ------------------------------------------------------
> > > > > > You are currently subscribed to this ISAserver.org
> Discussion
> > > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > > > To unsubscribe visit
> > > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > >
> > > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > info@xxxxxxx
> > > > > To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion
> > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > info@xxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > info@xxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > info@xxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> josephk@xxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem

1. Home
2. isalist
3. Archive
4. 07-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---