Hmmm. Better see if I can get that quote removed ;) Would like you an alternate quote included? Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > Sent: Wednesday, July 20, 2005 1:30 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: automatically detect isa server problem > > http://www.ISAserver.org > > Payback is a mf. > > ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Wednesday, July 20, 2005 11:21 AM > Subject: [isalist] RE: automatically detect isa server problem > > > http://www.ISAserver.org > > You said I could quote you on that :) > > Tom > www.isaserver.org/shinder > Tom and Deb Shinder's Configuring ISA Server 2004 > http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > Sent: Wednesday, July 20, 2005 1:16 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: automatically detect isa server problem > > > > http://www.ISAserver.org > > > > Oh, great... "Tim the pompous ass." I hope you're > including context!! > > > > t > > > > ----- Original Message ----- > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Wednesday, July 20, 2005 11:03 AM > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > http://www.ISAserver.org > > > > Hi Tim, > > > > Great stuff! Just entered into my database of article ideas :-) > > > > BTW -- the following quote will appear in this month's ISAServer.org > > newsletter: > > > > "If I gloated every time I was right, I'd never have an > opportunity to > > make a > > mistake!" --Tim Mullen > > > > Tom > > www.isaserver.org/shinder > > Tom and Deb Shinder's Configuring ISA Server 2004 > > http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > -----Original Message----- > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > > Sent: Wednesday, July 20, 2005 12:48 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > http://www.ISAserver.org > > > > > > It all depends on what works best for your setup. My DMZ > > > houses servers for > > > data-driven web content, as well as my av/spam smtp gateway. > > > There is also > > > an authorization infrastructure in place for external users > > > to log on to > > > access private, client-based resources. As such, having AD > > > in the DMZ > > > allows for much easier policy-based administration, and > > > affords more secure > > > options such as certificate-based IPSec rules in the DMZ, > > > server hardening > > > group policy objects, etc. > > > > > > t > > > > > > ----- Original Message ----- > > > From: "JosephK" <josephk@xxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Sent: Wednesday, July 20, 2005 10:23 AM > > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > > > > http://www.ISAserver.org > > > > > > That's actually an interesting concept. I only have mail > > > forwarders and > > > a sniffer in my honeypot dmz. Do you think that it is a > good idea to > > > keep > > > a second domain in the DMZ domain? And what are some > > > additional benefits > > > of > > > doing so? > > > Thank you, > > > Joseph > > > > > > -----Original Message----- > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > > Sent: Wednesday, July 20, 2005 10:17 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > http://www.ISAserver.org > > > > > > Well, I wouldn't say "no reason" like that... My FE ISA > server is a > > > member > > > of the DMZ domain for the same reason. Of course, the DMZ > > domain and > > > the > > > internal domain don't have anything to do with each other-- > > but things > > > like > > > authentication and group policy are quite valid reasons to > > have even a > > > FE > > > ISA as a domain member. But I know you know that ;) > > > > > > t > > > > > > ----- Original Message ----- > > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Sent: Wednesday, July 20, 2005 10:00 AM > > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > > > > http://www.ISAserver.org > > > > > > Hi Joseph, > > > > > > Exactly. Since there isn't a net increase in the level of security > > > offered by the front-end being a domain member, there's no > > > reason to do > > > so. What gets me are those who won't join the ISA firewall to > > > the domain > > > because they're afraid men from Mars will come here and not > > > get Measles. > > > > > > Tom > > > www.isaserver.org/shinder > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > > > > > > > > > > > -----Original Message----- > > > > From: JosephK [mailto:josephk@xxxxxxxxx] > > > > Sent: Wednesday, July 20, 2005 11:51 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > > > http://www.ISAserver.org > > > > > > > > Hi Thomas, > > > > I join the internal ISA box in my back to back to the domain. > > > > The front end ISA box isn't joined to the domain. And I > > > > agree that the > > > > front end really doesn't need to be added to a domain. > > > > > > > > Joseph > > > > > > > > -----Original Message----- > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > > Sent: Wednesday, July 20, 2005 5:33 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > > > http://www.ISAserver.org > > > > > > > > ARRRGGG! > > > > > > > > Join that ISA firewall to the domain ASAP. It's a more secure > > > > config and > > > > then your Firewall clients will work (which is just one > > of the many > > > > reasons why a domain joined ISA firewall is more secure). > > > > > > > > I always join ISA firewalls to the domain when > > appropriate. The only > > > > time when it wouldn't provide an enhanced security posture is > > > > in a back > > > > to back config, when the front end isn't doing any auth > chores and > > > > you're running an anonymous access DMZ between the front > > > end and back > > > > end. > > > > > > > > HTH, > > > > > > > > Tom > > > > www.isaserver.org/shinder > > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > > http://tinyurl.com/3xqb7 > > > > MVP -- ISA Firewalls > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info > > > > > Sent: Wednesday, July 20, 2005 7:29 AM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > Firewall is a standalone server. (not member of any domain) > > > > Client is > > > > > not member of any domain. > > > > > DNS server is AD domain controller. (this is my > > personal exchange > > > > > server, hence the AD.....) > > > > > > > > > > -----Original Message----- > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > > > Sent: Wednesday, July 20, 2005 2:19 PM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] RE: automatically detect isa server problem > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > Hi Info, > > > > > > > > > > Are the clients members of the same domain as the ISA > firewall? > > > > > > > > > > Tom > > > > > www.isaserver.org/shinder > > > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > > > http://tinyurl.com/3xqb7 > > > > > MVP -- ISA Firewalls > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info > > > > > > Sent: Wednesday, July 20, 2005 7:15 AM > > > > > > To: [ISAserver.org Discussion List] > > > > > > Subject: [isalist] RE: automatically detect isa > server problem > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > It takes about 4 seconds before it syas: Failed to detect > > > > > ISA Server. > > > > > > > > > > > > -----Original Message----- > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > > > > Sent: Wednesday, July 20, 2005 2:06 PM > > > > > > To: [ISAserver.org Discussion List] > > > > > > Subject: [isalist] RE: automatically detect isa > server problem > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > Hi Info, > > > > > > > > > > > > OK, sounds good so far. > > > > > > > > > > > > What happens when you click Detect Now? > > > > > > > > > > > > Tom > > > > > > www.isaserver.org/shinder > > > > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > > > > http://tinyurl.com/3xqb7 > > > > > > MVP -- ISA Firewalls > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info > > > > > > > Sent: Wednesday, July 20, 2005 6:57 AM > > > > > > > To: [ISAserver.org Discussion List] > > > > > > > Subject: [isalist] RE: automatically detect isa > > server problem > > > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > > > > > > > > > > The configuration must almost be correct, since the > > > > > autodetect does > > > > > > > work, after I do an explicit "ping wpad" from the client. > > > > > > > > > > > > > > > > > > > > > > > > > > > > Dns is setup as follows: > > > > > > > > > > > > > > Wpad alias (cname) boss_lan.fels.us > > > > > > > Boss_lan host (A) 10.1.0.1 > > > > > > > Boss_dmz host (A) 10.2.0.1 > > > > > > > > > > > > > > Default gateway of the client is 10.1.0.1 > > > > > > > > > > > > > > Client is on the "Internal" network. > > > > > > > > > > > > > > "Internal" network settings on isa firewall: > > > > > > > > > > > > > > Firewall client support is enabled. > > > > > > > Isa server name is set to "boss_lan.fels.us" > > > > > > > Automatically detect settings is selected. > > > > > > > > > > > > > > Publish automatic discovery information is selected, > > > > > default port 80 > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > > > > > Sent: Wednesday, July 20, 2005 1:26 PM > > > > > > > To: [ISAserver.org Discussion List] > > > > > > > Subject: [isalist] RE: automatically detect isa > > server problem > > > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > > > What are they? > > > > > > > > > > > > > > Tom > > > > > > > www.isaserver.org/shinder > > > > > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > > > > > http://tinyurl.com/3xqb7 > > > > > > > MVP -- ISA Firewalls > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info > > > > > > > > Sent: Wednesday, July 20, 2005 6:22 AM > > > > > > > > To: [ISAserver.org Discussion List] > > > > > > > > Subject: [isalist] RE: automatically detect isa > > > server problem > > > > > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > > > > > Hi there, > > > > > > > > > > > > > > > > I believe they are correct. What can I do? > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > > > > > > Sent: Wednesday, July 20, 2005 1:12 PM > > > > > > > > To: [ISAserver.org Discussion List] > > > > > > > > Subject: [isalist] RE: automatically detect isa > > > server problem > > > > > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > > > > > Hi Info, >