RE: automatically detect isa server problem

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 20 Jul 2005 13:39:19 -0500

Hmmm. Better see if I can get that quote removed ;)

Would you like an alternate quote included?

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Wednesday, July 20, 2005 1:30 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
> 
> http://www.ISAserver.org
> 
> Payback is a mf.
> 
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, July 20, 2005 11:21 AM
> Subject: [isalist] RE: automatically detect isa server problem
> 
> 
> http://www.ISAserver.org
> 
> You said I could quote you on that :)
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> 
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, July 20, 2005 1:16 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> >
> > http://www.ISAserver.org
> >
> > Oh, great... "Tim the pompous ass."  I hope you're including context!!
> >
> > t
> >
> > ----- Original Message ----- 
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, July 20, 2005 11:03 AM
> > Subject: [isalist] RE: automatically detect isa server problem
> >
> >
> > http://www.ISAserver.org
> >
> > Hi Tim,
> >
> > Great stuff! Just entered into my database of article ideas :-)
> >
> > BTW -- the following quote will appear in this month's ISAServer.org
> > newsletter:
> >
> > "If I gloated every time I was right, I'd never have an opportunity to
> > make a mistake!"  --Tim Mullen
> >
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Wednesday, July 20, 2005 12:48 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > > http://www.ISAserver.org
> > >
> > > It all depends on what works best for your setup.  My DMZ houses servers for
> > > data-driven web content, as well as my av/spam smtp gateway.  There is also
> > > an authorization infrastructure in place for external users to log on to
> > > access private, client-based resources.  As such, having AD in the DMZ
> > > allows for much easier policy-based administration, and affords more secure
> > > options such as certificate-based IPSec rules in the DMZ, server hardening
> > > group policy objects, etc.
> > >
> > > t
> > >
> > > ----- Original Message ----- 
> > > From: "JosephK" <josephk@xxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Wednesday, July 20, 2005 10:23 AM
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > That's actually an interesting concept. I only have mail forwarders and
> > > a sniffer in my honeypot dmz. Do you think that it is a good idea to keep
> > > a second domain in the DMZ domain? And what are some additional benefits of
> > > doing so?
> > > Thank you,
> > > Joseph
> > >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Wednesday, July 20, 2005 10:17 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > > http://www.ISAserver.org
> > >
> > > Well, I wouldn't say "no reason" like that... My FE ISA server is a member
> > > of the DMZ domain for the same reason.  Of course, the DMZ domain and the
> > > internal domain don't have anything to do with each other-- but things like
> > > authentication and group policy are quite valid reasons to have even a FE
> > > ISA as a domain member.   But I know you know that ;)
> > >
> > > t
> > >
> > > ----- Original Message ----- 
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Wednesday, July 20, 2005 10:00 AM
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Joseph,
> > >
> > > Exactly. Since there isn't a net increase in the level of security
> > > offered by the front-end being a domain member, there's no reason to do
> > > so. What gets me are those who won't join the ISA firewall to the domain
> > > because they're afraid men from Mars will come here and not get Measles.
> > >
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: JosephK [mailto:josephk@xxxxxxxxx]
> > > > Sent: Wednesday, July 20, 2005 11:51 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hi Thomas,
> > > > I join the internal ISA box in my back to back to the domain.
> > > > The front end ISA box isn't joined to the domain.  And I agree that the
> > > > front end really doesn't need to be added to a domain.
> > > >
> > > > Joseph
> > > >
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > Sent: Wednesday, July 20, 2005 5:33 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > ARRRGGG!
> > > >
> > > > Join that ISA firewall to the domain ASAP. It's a more secure config and
> > > > then your Firewall clients will work (which is just one of the many
> > > > reasons why a domain joined ISA firewall is more secure).
> > > >
> > > > I always join ISA firewalls to the domain when appropriate. The only
> > > > time when it wouldn't provide an enhanced security posture is in a back
> > > > to back config, when the front end isn't doing any auth chores and
> > > > you're running an anonymous access DMZ between the front end and back
> > > > end.
> > > >
> > > > HTH,
> > > >
> > > > Tom
> > > > www.isaserver.org/shinder
> > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > Sent: Wednesday, July 20, 2005 7:29 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Firewall is a standalone server. (not member of any domain)
> > > > > Client is not member of any domain.
> > > > > DNS server is AD domain controller. (this is my personal exchange
> > > > > server, hence the AD.....)
> > > > >
> > > > > -----Original Message-----
> > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > Sent: Wednesday, July 20, 2005 2:19 PM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Hi Info,
> > > > >
> > > > > Are the clients members of the same domain as the ISA firewall?
> > > > >
> > > > > Tom
> > > > > www.isaserver.org/shinder
> > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > http://tinyurl.com/3xqb7
> > > > > MVP -- ISA Firewalls
> > > > >
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > > Sent: Wednesday, July 20, 2005 7:15 AM
> > > > > > To: [ISAserver.org Discussion List]
> > > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > >
> > > > > > http://www.ISAserver.org
> > > > > >
> > > > > > It takes about 4 seconds before it says: Failed to detect ISA Server.
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > > Sent: Wednesday, July 20, 2005 2:06 PM
> > > > > > To: [ISAserver.org Discussion List]
> > > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > >
> > > > > > http://www.ISAserver.org
> > > > > >
> > > > > > Hi Info,
> > > > > >
> > > > > > OK, sounds good so far.
> > > > > >
> > > > > > What happens when you click Detect Now?
> > > > > >
> > > > > > Tom
> > > > > > www.isaserver.org/shinder
> > > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > > http://tinyurl.com/3xqb7
> > > > > > MVP -- ISA Firewalls
> > > > > >
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > > > Sent: Wednesday, July 20, 2005 6:57 AM
> > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > > >
> > > > > > > http://www.ISAserver.org
> > > > > > >
> > > > > > >
> > > > > > > The configuration must almost be correct, since the autodetect does
> > > > > > > work, after I do an explicit "ping wpad" from the client.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Dns is setup as follows:
> > > > > > >
> > > > > > > Wpad alias (cname) boss_lan.fels.us
> > > > > > > Boss_lan host (A) 10.1.0.1
> > > > > > > Boss_dmz host (A) 10.2.0.1
> > > > > > >
> > > > > > > Default gateway of the client is 10.1.0.1
> > > > > > >
> > > > > > > Client is on the "Internal" network.
> > > > > > >
> > > > > > > "Internal" network settings on isa firewall:
> > > > > > >
> > > > > > > Firewall client support is enabled.
> > > > > > > Isa server name is set to "boss_lan.fels.us"
> > > > > > > Automatically detect settings is selected.
> > > > > > >
> > > > > > > Publish automatic discovery information is selected, default port 80
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > > > Sent: Wednesday, July 20, 2005 1:26 PM
> > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > > >
> > > > > > > http://www.ISAserver.org
> > > > > > >
> > > > > > > What are they?
> > > > > > >
> > > > > > > Tom
> > > > > > > www.isaserver.org/shinder
> > > > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > > > http://tinyurl.com/3xqb7
> > > > > > > MVP -- ISA Firewalls
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > > > > Sent: Wednesday, July 20, 2005 6:22 AM
> > > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > > > >
> > > > > > > > http://www.ISAserver.org
> > > > > > > >
> > > > > > > > Hi there,
> > > > > > > >
> > > > > > > > I believe they are correct. What can I do?
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > > > > Sent: Wednesday, July 20, 2005 1:12 PM
> > > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > > > >
> > > > > > > > http://www.ISAserver.org
> > > > > > > >
> > > > > > > > Hi Info,
