Somewhat of a late response, I realise, but still. You will find that ISA 2004 as a domain member is a secure configuration, so there's no specific reason not to do so. One final addition: If you really want to use AD-security boundaries, use separate forests, not domains. Domains are about as secure as a security boundary as a wet cardboard box. So, forests, not domains. Don't interchange the idea of forests and domains, they're quite different in a lot of aspects. :o) Regards, Paul ________________________________ Van: Andy Haigh [mailto:ahaigh@xxxxxxxxxxxxxxxx] Verzonden: dinsdag 9 augustus 2005 10:00 Aan: [ISAserver.org Discussion List] Onderwerp: [isalist] 2 Forests or not http://www.ISAserver.org I have been playing around with ISA2004 over the last month to get a feel for it and to see how I should deploy it. The initial question I have is should I deploy the ISA Server in a separate Forest from the rest of the domain or not (all W2K3 servers). Is it as save if correctly configured as part of the domain? I understand the added security it provides by having a separate domain and a one way trust but are there any problems that will arise when I try to use other features? The Firewall will be used to provide: Outgoing HTTP, HTTPS and FTP Outgoing SMTP Incoming SMTP Incoming Client VPN's Site to Site VPN's Also does anyone know of a whitepaper/how to on setting up the two Forest configuration. Thanks Andy ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: paul.van.geldrop@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.