Re: "Enable IP routing" option - what does it do?

  • From: Jim Harrison <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 20 Nov 2003 22:46:55 -0800

Simplify your life:
IP Routing enables the Kernel mode data pump, which allows data to be 
transferred in kernel mode code, rather than switching between user mode and 
back again.
So long as you keep IP Filtering enabled, ISA will only pass that traffic for 
which you create rules.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Thu, 20 Nov 2003 22:04:51 -0700
 "Steve Gerzabek" <steve.gerzabek@xxxxxxxxxxxx> wrote:

G'day all,

I have done a Google search, isaserver.org, and books24x7.com search (also
around 1000 emails in this weblist) and cannot find a clear description of
the option "Enable IP routing" on the General tab of IP Packet Filters
Properties, and what the security implications are if this option is
enabled.

The best I could find is:
IP routing is like a conduit that simply moves traffic from one area to
another; in this case IP routing moves traffic from the Internet through
the firewall to your internal network. Without packet filtering, IP
routing provides no protection whatsoever, routing any and all requests.
It does, however, help to improve ISA Server's performance and
functionality (see Microsoft Knowledge Base article 279347, "Enable IP
Routing on ISA Server to Increase Performance," at
http://support.microsoft.com, for one example

Obviously I would like to increase ISA performance by having this option
turned on but am not sure what the security implications are.  One
description I found says only enable this option for tri-homed ISA
servers.  This has left me stunned and confused.  Can anyone help?

My configuration:
- 2 ISA servers in an Array, both installed in Integrated mode and only
used for Outgoing access.  Server publishing will never be used on these
servers.
- 2 NICs per server - 1 connected to Internal network, 1 connected to
External network
- Site and Content Rule - Allow any request to all external destinations
(Websense is used to filter sites)
- Protocol Rules - HTTP/HTTPS allowed and applied to group X, FTP
(Download only) allowed and applied to group Y.
- Packet filtering is enabled, as is Intrusion detection

Regards,
Steve.
