[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "John T \(lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Wed, 28 Feb 2007 11:34:16 -0800

"ISA, not your average hardware firewall!"

"An ISA you can trust!"

"ISA, it just keeps working and working and working!"

"ISA blocks what others let through!"

John T

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Greg Mulholland
> Sent: Tuesday, February 27, 2007 1:36 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> 
> An aussie contribution:
> 
> ISA ISA ISA, Oi Oi Oi.
> 
> Sorry that's really bad..
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On
> Behalf Of Thor (Hammer of God)
> Sent: Wednesday, 28 February 2007 1:51 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> 
> How about "ISA. So simple a caveman can use it."  Oh wait.  SBS already
> took
> that one! :-p
> 
> t
> 
> 
> On 2/27/07 6:36 AM, "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> spoketh
> to all:
> 
> > Should be "Firewall's make me Hot", shouldn't it?
> >
> > How about "Flames, baby flames, you're goin' down." As said by The
> > Bomber What Bombs at Midnight. (from The Tick, of course)
> >
> > Amy
> >
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Gerald G. Young
> > Sent: Tuesday, February 27, 2007 9:12 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >
> > "ISA, your friendly, neighborhood firewall."
> > "Never a dull rule in ISA."
> > "ISA's hot." - as imagined said by Paris Hilton.
> > "ISA and PIX, sitting in a tree..." - yeah, not so much. ;)
> > "I'll show you my certificate if you'll show me yours."
> >
> > Cordially yours,
> > Jerry G. Young II
> > Application Engineer, Platform Engineering and Architecture
> > NTT America, an NTT Communications Company
> >
> > 22451 Shaw Rd.
> > Sterling, VA 20166
> >
> > Office: 571-434-1319
> > Fax: 703-333-6749
> > Email: g.young@xxxxxxxx
> >
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Thomas W Shinder
> > Sent: Monday, February 26, 2007 7:22 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >
> > "ISA's Got You In Its Sites"
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> >
> >
> >
> >> -----Original Message-----
> >> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> >> Sent: Monday, February 26, 2007 4:01 PM
> >> To: isapros@xxxxxxxxxxxxx
> >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>
> >> I'd rather be on Layer 7
> >>
> >> Amy
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >> On Behalf Of Jim Harrison
> >> Sent: Monday, February 26, 2007 4:45 PM
> >> To: isapros@xxxxxxxxxxxxx
> >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>
> >> Not bad; except for the trailing commentary...
> >> :-p
> >>
> >> -----Original Message-----
> >> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >> On Behalf Of Thomas W Shinder
> >> Sent: Monday, February 26, 2007 12:53 PM
> >> To: isapros@xxxxxxxxxxxxx
> >> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>
> >> How about:
> >>
> >> "ISA Firewall Rules!"
> >>
> >> Get it? Firewall rules? Like in firewall ruleset? You know, sort of a
> >> double entendre sort of thingie :))
> >>
> >> Thomas W Shinder, M.D.
> >> Site: www.isaserver.org
> >> Blog: http://blogs.isaserver.org/shinder/
> >> Book: http://tinyurl.com/3xqb7
> >> MVP -- Microsoft Firewalls (ISA)
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: isapros-bounce@xxxxxxxxxxxxx
> >>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> >>> Sent: Monday, February 26, 2007 2:27 PM
> >>> To: isapros@xxxxxxxxxxxxx
> >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>
> >>> Ok - it's official - let's get an "ISABlog motto" contest going.
> >>> Basic rules:
> >>> - no derogatory comments about CheckPix or similar (makes
> >> the lawyers
> >>> tremble)
> >>> - no marketing spew
> >>> - keep it short (10 words max)
> >>> - must use ISA behavior or feature (like "wpad")
> >>> - should abuse a common phrase (like "does a nautical pimp keep his
> >>> 'oars' in the water?")
> >>>
> >>> -----Original Message-----
> >>> From: isapros-bounce@xxxxxxxxxxxxx
> >>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>> On Behalf Of Thomas W Shinder
> >>> Sent: Monday, February 26, 2007 12:23 PM
> >>> To: isapros@xxxxxxxxxxxxx
> >>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>
> >>> You had me at WPAD? :)
> >>>
> >>> Thomas W Shinder, M.D.
> >>> Site: www.isaserver.org
> >>> Blog: http://blogs.isaserver.org/shinder/
> >>> Book: http://tinyurl.com/3xqb7
> >>> MVP -- Microsoft Firewalls (ISA)
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> >>>> Sent: Monday, February 26, 2007 12:26 PM
> >>>> To: isapros@xxxxxxxxxxxxx
> >>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>
> >>>> NDA is a completely different point and Amy has it right -
> >>>> non-MS lists
> >>>> are verboten to NDA material.
> >>>> I'm an "odd duck" in this context (for more than one reason -
> >>>> ha! - beat
> >>>> ya to it!), because it's actually a large part of my job
> >> to "keep my
> >>>> finger on the pulse", as it were.  This is why you see me
> >>> doing trips
> >>>> like tech Ready & Black Hat.  Unfortunately, fiscal
> >>>> limitations curtail
> >>>> any further involvement, but such is corporate life.
> >>>>
> >>>> I agree that the ISA team hasn't exactly kept pace with teams like
> >>>> Exchange (we don't even have a silly motto like "you had me
> >>> at ehlo"),
> >>>> but it still comes back to the "effort priorities".  I've
> >>> been working
> >>>> with the right folks to make this a better experience all around
> >>>> (especially for the MVPs), but these things tend to move slowly...
> >>>>
> >>>> -----Original Message-----
> >>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>> On Behalf Of Thor (Hammer of God)
> >>>> Sent: Monday, February 26, 2007 9:54 AM
> >>>> To: isapros@xxxxxxxxxxxxx
> >>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>
> >>>> Conflicting info, then.  I was told by a source that non-MSFT
> >>>> lists were
> >>>> poo-poo'ed on for liability and NDA reasons.
> >>>>
> >>>> And while I totally understand the "bottom line" thinking, it
> >>>> seems like
> >>>> a
> >>>> huge waste to initiate something like the MVP program and to
> >>>> go through
> >>>> all
> >>>> the motions only to do it half-assed.
> >>>>
> >>>> t
> >>>>
> >>>>
> >>>> On 2/26/07 9:35 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx>
> >>> spoketh to all:
> >>>>
> >>>>> In fact, ISA product team members are strongly encouraged to
> >>>> participate
> >>>>> in lists, NG, blogs and all other manner of public communication
> >>>>> efforts.
> >>>>> The sad fact is; the time available for such endeavors
> >> is woefully
> >>>>> small.
> >>>>> MS, like many profit-making businesses, operates with
> >> the smallest
> >>>> teams
> >>>>> required to produce product "X".
> >>>>> Unfortunately, with software engineering being what it
> >> is, and the
> >>>>> pressures of the marketing "old boy club", the teams are
> >>>> too small to
> >>>>> cover all the "nice to do" bases and still leave folks time for
> >>>>> themselves.
> >>>>>
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> >>>>> On Behalf Of Thor (Hammer of God)
> >>>>> Sent: Monday, February 26, 2007 9:07 AM
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
> >>>>>
> >>>>> I never really saw much from the PM's over there- just that
> >>>> one stint
> >>>>> about SQL logging, and to be honest, there wasn't much valuable
> >>>> content
> >>>>> sourced from the MSFT side... In fact, as I understand it,
> >>>> the PM and
> >>>>> product support people (other than Jim) are apparently
> >>> not pushed to
> >>>>> participate (and may be asked not to) because of the fact
> >>> that it is
> >>>> NOT
> >>>>> an official MSFT site, and that NDA and product liability
> >>> may be an
> >>>>> issue.
> >>>>>
> >>>>> I'm going to draft up a "suggestions for the MVP program"
> >>> and submit
> >>>>> them to the powers that be, just so that things like this can be
> >>>>> addressed.
> >>>>>
> >>>>> t
> >>>>>
> >>>>>
> >>>>> On 2/26/07 8:50 AM, "Thomas W Shinder"
> >>>> <tshinder@xxxxxxxxxxx> spoketh
> >>>> to
> >>>>> all:
> >>>>>
> >>>>>
> >>>>>
> >>>>> It's been a real problem for the ISA PG to work with the ISA
> >>>>> MVPs, because they think that the ISA MVPs are still
> >>>> involved with the
> >>>>> ISA MVP mailing list. I explained to them that because
> >> of "issues"
> >>>> with
> >>>>> that list that there was less than optimal participation
> >>>> and that they
> >>>>> needed to get a MS managed solution. At the very least,
> >> they could
> >>>>> create their own DL and send mail to people on that list. I hate
> >>>> missing
> >>>>> out on the ISA PGs communications on that "other" list, but
> >>>> my life is
> >>>>> so much better not having to listen to the ****** that
> >>> happens over
> >>>>> there.
> >>>>>
> >>>>> Thomas W Shinder, M.D.
> >>>>> Site: www.isaserver.org <http://www.isaserver.org/>
> >>>>> <http://www.isaserver.org/>
> >>>>> Blog: http://blogs.isaserver.org/shinder/
> >>>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> >>>>> <http://tinyurl.com/3xqb7>
> >>>>> MVP -- Microsoft Firewalls (ISA)
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> ________________________________
> >>>>>
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> >> (Hammer of
> >>>> God)
> >>>>> Sent: Monday, February 26, 2007 8:56 AM
> >>>>> To:  isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re: ISA, Exchange 2007 and  Perimeter
> >>>>> Networks
> >>>>>
> >>>>>
> >>>>> I spoke with Melissa Travers, the MVP Lead for both  ISA
> >>>>> and Exchange, and she said the Exchange group's MVP site
> >>> was really,
> >>>>> really good, and that the Exchange group themselves is
> >>> quite active.
> >>>>> Being they are the Exchange group, I can see why they
> >> would have a
> >>>>> decent portal. ;)
> >>>>>
> >>>>> I suggested that if there were a single sourced,
> >>>>> Microsoft controlled MVP site where we could "browse
> >>> through" other
> >>>> MVP
> >>>>> list  content, that issues like this (the perceptions
> >>>> surrounding what
> >>>>> Exchange will  and won't support and why) would be much
> >> easier to
> >>>>> manage, and that "the right  people" from both sides could
> >>>> engage each
> >>>>> other in a positive way when two  technologies collide like
> >>>> this.  To
> >>>>> me, this is a major shortcoming in  the MVP program
> >>> overall.  Given
> >>>> the
> >>>>> fact that the MVP program was created  in order to provide a
> >>>>> collaborative environment for various technologies, it
> >>> seems like a
> >>>>> horrible waste of a perfect opportunity to expand that
> >>> environment
> >>>> out
> >>>>> to the MVP's and product teams in other product
> >>> competencies.    The
> >>>>> fate of the ISA-MVP list is testament to that.
> >>>>>
> >>>>> So, in  the absence of a coordinated effort on
> >>>>> Microsoft's part to wrap it's  collective arms around the
> >>> MVP's and
> >>>>> product teams, I'll see if I can get on  the Exchange
> >> MVP list and
> >>>> begin
> >>>>> a dialog of exactly what is going on here.   But I'll
> >> need to get
> >>>>> immersed in Ex2007 first, which I've just not had  the
> >> time to do.
> >>>> The
> >>>>> promise of true unified messaging in 2007 was  a major draw
> >>>> to me, but
> >>>>> given the apparent narrow PBX support and lack of  official
> >>>>> functionality documentation, the rush to explore has lost it's
> >>>> luster.
> >>>>>
> >>>>> t
> >>>>>
> >>>>>
> >>>>> On 2/26/07 6:02 AM, "Jim Harrison"  <Jim@xxxxxxxxxxxx>
> >>>>> spoketh to all:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Documentation always follows the  product, which
> >>>>> is barely on the streets.
> >>>>> I've seen some regarding WM6,  but the basic
> >>>>> concepts are the same.
> >>>>> ..coming soon to a website near  you...
> >>>>>
> >>>>>
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Jason Jones
> >>>>> Sent: Monday, February 26, 2007  3:31 AM
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> >>>>> Perimeter Networks
> >>>>>
> >>>>> Hi All,
> >>>>>
> >>>>> Anyone (Tim?) had chance to look at the least
> >>>>> privilige approach with Exchange 2007 yet?
> >>>>>
> >>>>> From what I am hearing the "CAS not supported in
> >>>>> perimeter" statement is based more on "we haven't tested it
> >>>> yet" more
> >>>>> than  "we don't think it is a good idea".
> >>>>>
> >>>>> I have a few customers looking at placing the
> >>>>> entire  Exchange architecture behind ISA (very
> >> untrusted LANs) - I
> >>>> have
> >>>>> done this  with Exch2k3, but has anyone looked at this
> >>> for  Exch2k7?
> >>>>>
> >>>>> I am guessing this is not supported either, but
> >>>>> documentation is very thin on the ground with reference
> >> to 2k7 and
> >>>>> periemeter networking....
> >>>>>
> >>>>> Cheers
> >>>>>
> >>>>> JJ
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> ________________________________
> >>>>>
> >>>>>
> >>>>>
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Thor
> >>> (Hammer of
> >>>> God)
> >>>>> Sent: 15 January 2007  15:27
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> >>>>> Perimeter Networks
> >>>>> Right you are...  The analogy fits when you use
> >>>>> "comparative logic" as opposed to just thinking of the zone in
> >>>>> singularity... Compared to the areas on either side of
> >> the DMZ, it
> >>>>> should be  easy to discern any activity at all in the
> >> DMZ itself-
> >>>>> particularly hostile  activities.  There are strict
> >> policies about
> >>>> what
> >>>>> can go on in the  Korean DMZ, as there should be in one's
> >>>> network DMZ.
> >>>>> Internet  traffic is chaotic, and I don't even bother trying to
> >>>>> determine what is  going on out on my Internet segment- I can't
> >>>> control
> >>>>> it anyway (other than  my policy of implementing router
> >>>> ACL's to match
> >>>>> inbound/outbound traffic  policies at my border
> >> router).  Internal
> >>>>> traffic isn't chaotic, but it  is  hard to monitor for "hostile"
> >>>> packets
> >>>>> given the sheer volume and  type of traffic being generated by
> >>>> internal
> >>>>> users, servers, services, etc to  any number of different
> >>> hosts and
> >>>>> clients.  But in the DMZ, you should  be able to
> >>> immediately notice
> >>>> when
> >>>>> something out of the ordinary is going  on.  For
> >>> instance, if I see
> >>>> POP3
> >>>>> logon traffic, I know something is  FUBAR, as I don't
> >>>> support POP3 in
> >>>> my
> >>>>> DMZ at all.  If I see modal  enumeration by way of a null
> >>> session, I
> >>>>> know something is going on.   And etc, etc.
> >>>>>
> >>>>> So, to me, it fits, and that is the term I
> >>>>> choose to use.  I won't be changing ;)
> >>>>>
> >>>>> t
> >>>>>
> >>>>>
> >>>>> On 1/15/07  6:40 AM, "Gerald G. Young"
> >>>>> <g.young@xxxxxxxx> spoketh to  all:
> >>>>> The DMZ in Korea itself isn't crawling with
> >>>>> military.  Either side of it is, ensuring that the
> >> definition of a
> >>>>> demilitarized zone is observed and maintained.  Before
> >>> the advent of
> >>>>> DMZs in networking, a DMZ meant an area from which
> >>> military forces,
> >>>>> operations, and installations were prohibited.
> >>> Essentially, it's a
> >>>>> wide empty area that constitutes a border with forces on
> >>> either side
> >>>>> pointing guns into it.
> >>>>>
> >>>>> I've always thought the adaptation of  the
> >>>>> acronym to the world of networking a bit strange.  "Oh!  We  got
> >>>>> activity in our networked DMZ!  Kill it!"  :-)
> >>>>>
> >>>>>
> >>>>> Cordially  yours,
> >>>>> Jerry G. Young  II
> >>>>> Product  Engineer - Senior
> >>>>> Platform Engineering, Enterprise Hosting
> >>>>> NTT  America, an NTT Communications Company
> >>>>>
> >>>>> 22451 Shaw  Rd.
> >>>>> Sterling, VA 20166
> >>>>>
> >>>>> Office: 571-434-1319
> >>>>> Fax:  703-333-6749
> >>>>> Email:  g.young@xxxxxxxx
> >>>>>
> >>>>>
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Amy
> >> Babinchak
> >>>>> Sent: Sunday, January 14, 2007  7:08 PM
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: RE: [isapros]  Re: ISA, Exchange 2007
> >>>>> and Perimeter Networks
> >>>>>
> >>>>>
> >>>>> That's what it means to me too. Can't see the
> >>>>> Korean  no mans' land as qualifying as a DMZ when it's
> >>> crawling with
> >>>>> military.
> >>>>>
> >>>>>
> >>>>>
> >>>>> In this conversation we have to take into
> >>>>> consideration that CAS also includes the capability to
> >>>> provide access
> >>>> to
> >>>>> folders and files right in OWA. This may be the thing that the
> >>>> Exchange
> >>>>> team  thinks throws a monkey wrench into the secure
> >>>> deployment of CAS
> >>>> in
> >>>>> a a DMZ.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> ________________________________
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx on behalf  of
> >>>>> Jason Jones
> >>>>> Sent: Sat 1/13/2007 6:46 PM
> >>>>> To:  isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re: ISA, Exchange 2007  and
> >>>>> Perimeter Networks
> >>>>>
> >>>>> For me, DMZ means scary place completely
> >>>>> untrusted,  perimeter network means less scary place
> >> trusted to a
> >>>>> degree, but strongly  controlled
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> ________________________________
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Thor
> >>> (Hammer of
> >>>> God)
> >>>>> Sent: 12 January 2007  23:51
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> >>>>> Perimeter Networks
> >>>>> Interesting... Probably a good idea for us to
> >>>>> actually articulate what we really mean when we say DMZ.
> >>>>>
> >>>>> I guess to  some it means "free for all network"
> >>>>> but for me, it should be the network  where you have the most
> >>>>> restrictive policies controlling each service so  that it
> >>> is obvious
> >>>>> when malicious traffic hits the wire.   Thoughts>
> >>>>> t
> >>>>>
> >>>>>
> >>>>> On 1/12/07 3:30 PM, "Steve Moffat"
> >>>>> <steve@xxxxxxxxxx> spoketh to all:
> >>>>> That's what I thought, now it's what I  know....
> >>>>>
> >>>>>
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Jim Harrison
> >>>>> Sent: Friday, January 12, 2007  6:35 PM
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros] Re:  ISA, Exchange 2007 and
> >>>>> Perimeter Networks
> >>>>>
> >>>>> Aside from normal router & switch ACLs, ISA is
> >>>>> the single line of defense.
> >>>>> "..we don't need no stinking  DMZs"
> >>>>>
> >>>>>
> >>>>> From: isapros-bounce@xxxxxxxxxxxxx
> >>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]  On Behalf Of Steve Moffat
> >>>>> Sent: Friday, January 12, 2007  12:12 PM
> >>>>> To: isapros@xxxxxxxxxxxxx
> >>>>> Subject: [isapros]  Re: ISA, Exchange 2007 and
> >>>>> Perimeter Networks
> >>>>>
> >>>>> Ahh...just had a thought.
> >>>>>
> >>>>> It's all  labeling.
> >>>>>
> >>>>> Jason, and others (not Jason's fault), have been
> >>>>> using the term DMZ.
> >>>>>
> >>>>> Historically, is the term DMZ not taken
> >>>>> literally as being completely firewalled off from the trusted
> >>>> networks,
> >>>>> and  what Jason is talking about is trusted network
> >> segmentation.
> >>>>>
> >>>>> I  betcha that's why the Exchange team don't
> >>>>> support it...they think it's a  typical run of the mill DMZ...
> >>>>>
> >>>>> Jim, isn't MS's Internal network  segmented by
> >>>>> usin ISA?? Including your mail servers?
> >>>>>
> >>>>> S
> >>>>>
> >>>>>
> >>>>> All mail to and  from this domain is
> >>>>> GFI-scanned.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> All mail to and from this domain is GFI-scanned.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> All mail to and from this domain is GFI-scanned.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> All mail to and from this domain is GFI-scanned.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>> All mail to and from this domain is GFI-scanned.
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >> All mail to and from this domain is GFI-scanned.
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> >
> 
> 
> 
>

Other related posts:

  1. Home
  2. isapros
  3. Archive
  4. 02-2007