DMZ perimeter network works withOUT a packet filter

  • From: "Nigel Carroll" <nigel@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 25 Jan 2002 02:34:23 +0800

I found that even when I had a packet filter defined, all I could do was
ping from PC (see below), which is normal due to the way ICMP is allowed
when IP routing is enabled, so I had to define a protocol filter to get
web access.

I then DISabled the Packet filter and to my surprise discovered that ISA
does NOT block outward access from PC - all that is needed is a Protocol
filter. 

This is contrary to doco I've read (in Tom's book) that says you should
ONLY need a packet filter when using a perimeter network DMZ design like
mine below.
Am I missing something here or is this normal behaviour? 
Nigel

internet
|
|
External NIC
ISA Server
Internal NIC
Priv IP     Pub IP
|             |
|             |
LAN         PC with Pub IP

