RE: 2 Forests or not

• From: "Geldrop, Paul van" <paul.van.geldrop@xxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 6 Sep 2005 11:35:58 +0200

Somewhat of a late response, I realise, but still.

 

You will find that ISA 2004 as a domain member is a secure
configuration, so there's no specific reason not to do so.

 

One final addition: If you really want to use AD-security boundaries,
use separate forests, not domains. Domains are about as secure as a
security boundary as a wet cardboard box. So, forests, not domains.
Don't interchange the idea of forests and domains, they're quite
different in a lot of aspects. :o)

 

Regards,

 

Paul

 

________________________________

Van: Andy Haigh [mailto:ahaigh@xxxxxxxxxxxxxxxx] 
Verzonden: dinsdag 9 augustus 2005 10:00
Aan: [ISAserver.org Discussion List]
Onderwerp: [isalist] 2 Forests or not

 

http://www.ISAserver.org



I have been playing around with ISA2004 over the last month to get a
feel for it and to see how I should deploy it. 

The initial question I have is should I deploy the ISA Server in a
separate Forest from the rest of the domain or not (all W2K3 servers).
Is it as save if correctly configured as part of the domain?

I understand the added security it provides by having a separate domain
and a one way trust but are there any problems that will arise when I
try to use other features?

The Firewall will be used to provide: 

Outgoing HTTP, HTTPS and FTP 
Outgoing SMTP 
Incoming SMTP 
Incoming Client VPN's 
Site to Site VPN's 

Also does anyone know of a whitepaper/how to on setting up the two
Forest configuration. 

Thanks 

Andy 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
paul.van.geldrop@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.

Other related posts:

• » 2 Forests or not
• » RE: 2 Forests or not
• » RE: 2 Forests or not
• » RE: 2 Forests or not
• » RE: 2 Forests or not
• » RE: 2 Forests or not

1. Home
2. isalist
3. Archive
4. 09-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---