thanks tom! -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, April 24, 2003 10:05 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Adding Second Firewall http://www.ISAserver.org Hi Jose, I think a PIX is a nice front end for the ISA Server, as long as you don't need to publish sites that require applications filters. For example, you might run into issues with Exchange RPC publishing with a PIX in front of the ISA Server. But outbound access shouldn't pose much of a problem. However, whether you use ISA Server, PIX, CP or Joe's home-grown firewall on-a-floppy, you can put it in front of ISA Server and get things to work, it'll just take some work and a lot lot of open ports on the front end firewall. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jose Rhommel D Jayo [mailto:jose.jayo@xxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, April 23, 2003 8:59 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Adding Second Firewall http://www.ISAserver.org hi, i wonder if there is any firewall product that can compete with ISA in layer 7 arena :) anyway, indeed i suppose black boxes would be always a step behind from their software based cousins in terms of upper layer intelligence but because the expected Internet traffic that will pass is huge, i needed a faster,low-maintenance, no-client license firewall at the network edge and cisco box fit the bill just right. i'm not sure what ISA functionality i'm missing in this set-up though, well for one the pix doesn't give any logs... -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, April 24, 2003 9:17 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Adding Second Firewall http://www.ISAserver.org Hi Jose, I would have to agree here. From a security viewpoint, you're a lot better off using firewalls from two differnet vendors in your back to back firewall config. The drawback is that most black boxes aren't as "smart" as ISA Server in the layer 7 arena, which can lead to unfortunate trade-offs in functionality. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jose Rhommel D Jayo [mailto:jose.jayo@xxxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, April 22, 2003 10:34 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Adding Second Firewall http://www.ISAserver.org usually, a two-tier firewall design uses different firewall product. doesn't make sense to use the same firewall. you might as well put the caching firewall closer to the user for performance reasons... i once installed ISA server in integrated mode directly behind a Cisco PIX... (PIX internal interface connected to ISA's external's) -----Original Message----- From: John Lyon [mailto:jlyon@xxxxxxxxxxxxx] Sent: Tuesday, April 22, 2003 9:19 PM To: [ISAserver.org Discussion List] Subject: [isalist] Adding Second Firewall http://www.ISAserver.org Need advise on best way to proceed. Have a fully functioning integrated mode ISA server. Does web publishing/server publishing and VPN connections. Now, I have a request to add a secondary ISA in firewall mode only for added security. Do not have or need a DMZ for now to contend with. How best do I add that second server? If I put the new one out in front of the current server isn't that going to mess up all my external IP's configured? OR, is it possible for me to pass all that traffic right on through. Help the firewall challenged please!!! Thanks John http://www.accuwired.com ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jose.jayo@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jose.jayo@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jose.jayo@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')