Re: Cache only mode

• From: "Stuart Pittwood" <SPittwood@xxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 14 Oct 2003 15:02:40 +0100

I am considering installing websense on the ISA and if I have read the
documentation correctly you can point the PIX to the websense server and
even if the user circumvents the proxy to navigate to a forbidden site
the pix will still block it (url-server command).

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: 14 October 2003 14:59
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Cache only mode


AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: 
http://www.isaserver.org/thawte/
Well, for what it's worth, it's quite simple to setup an ACL on the
inside interface of the PIX to only allow outbound traffic from the
trusted IP of the ISA Server.

Works like a charm as the PIX will (quite arrogantly) deny all other
requests!!!

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: 14 October 2003 15:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Cache only mode

AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: 
http://www.isaserver.org/thawte/
Actually, this is the most common setup.
Folks with existing firewlls deploy ISA as a caching device all the
time.

As Shawn stated, you can still use ISA as a second-layer firewall, but
that's not a requirement unless you maintain the present two-NIC
installation.

The biggest caveat is making sure that no web traffic crosses the PIX
unless it comes from the ISA (or other pre-approved IP).  ISA can only
control what it sees, after all...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 14 Oct 2003 08:42:16 +0100
 "Stuart Pittwood" <SPittwood@xxxxxxxxxxxxxxxxx> wrote:
AD: Get Thawte?s New Step-by-Step SSL Guide for MSIIS: 
http://www.isaserver.org/thawte/
Hi all,
 
For reasons I'm not going to get into here we're considering dumping ISA
as our firewall in favour of a Cisco PIX.  We will however be keeping an
ISA server as a web cache.  My question is, as a web cache can I still
use the filtering rules to control access to certain websites (could I
still load websense onto the server and have it filter)
 
TIA
 
Stu P

A full list of partners in Amery-Parkes is available for inspection at
all of our offices.

Information contained in this e-mail is intended for the use of the
addressee only, and is confidential and may be the subject of Legal
Professional Privilege.  Any dissemination, distribution, copying or use
this communication without prior permission of the addressee is strictly
prohibited.

The contents of an attachment to this email may contain software viruses
which could damage your own computer system.  Whilst Amery-Parkes has
taken every reasonable precaution to minimise this risk, we do not
accept liability for any damage which you sustain as a result of
software viruses. You should carry out your own virus checks before
opening any attachment to this email.




Get Thawte?s New Step-by-Step SSL Guide for MSIIS
Find out how to test, purchase, and install a Thawte Digital Certificate
on your MSIIS web server: 
http://www.isaserver.org/thawte/

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*


Get Thawte's New Step-by-Step SSL Guide for MSIIS
Find out how to test, purchase, and install a Thawte Digital Certificate
on your MSIIS web server: 
http://www.isaserver.org/thawte/

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official 
business of Columbus Stainless is proprietary to the company. It is 
confidential, legally privileged and protected by law. Columbus 
Stainless does not own and endorse any other content. Views and 
opinions are those of the sender unless clearly stated as being that 
of Columbus Stainless. The person addressed in the e-mail is the sole 
authorised recipient.  Please notify the sender immediately if it has 
unintentionally reached you and do not read, disclose or use the 
content in any way. Whilst all reasonable steps are taken to ensure 
the accuracy and integrity of information and data transmitted 
electronically and to preserve the confidentiality thereof, no 
liability or responsibility whatsoever is accepted if information or 
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------

Get Thawte's New Step-by-Step SSL Guide for MSIIS
Find out how to test, purchase, and install a Thawte Digital Certificate
on your MSIIS web server: 
http://www.isaserver.org/thawte/

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
spittwood@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » Cache only mode
• » RE: Cache only mode
• » RE: Cache only mode
• » Re: Cache only mode
• » Re: Cache only mode
• » Re: Cache only mode
• » RE: Cache only mode

1. Home
2. isalist
3. Archive
4. 10-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---