RE: Ex2k FE in DMZ Segment
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 5 Dec 2005 20:05:36 -0600
nig·gle [nígg'l]
v (past nig·gled, past participle nig·gled, present participle nig·gling, 3rd
person present singular nig·gles)
1. vi criticize in petty way: to criticize or find fault continually,
especially about small matters
2. vi be preoccupied with details: to be preoccupied with petty details
3. vt worry somebody: to be a source of worry and irritation to somebody,
especially in a small way over a long period of time
n (plural nig·gles) U.K. Canada
1. petty criticism: a petty or carping criticism
Once we have a broad agreement, we can sort out these niggles.
2. nagging worry: a small but continuing source of annoyance or worry
[Early 17th century. Origin uncertain: possibly from Scandinavian .]
-nig·gler, n
Microsoft® Encarta® Reference Library 2004. © 1993-2003 Microsoft Corporation.
All rights reserved.
Bah!
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Monday, December 05, 2005 8:00 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Ex2k FE in DMZ Segment
>
> http://www.ISAserver.org
>
> P.S. That's "honky MoFo" to you!!!!
>
> lol
>
> ----- Original Message -----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, December 05, 2005 5:53 PM
> Subject: [isalist] RE: Ex2k FE in DMZ Segment
>
>
> http://www.ISAserver.org
>
> Yes. What a niggler for details. You should do my tax returns.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Monday, December 05, 2005 7:46 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Ex2k FE in DMZ Segment
> >
> > http://www.ISAserver.org
> >
> > You mean "except from the front-end to the back-end Exchange
> > server," not
> > "ISA firewall," right? But I got it other than that.
> > t
> >
> >
> > ----- Original Message -----
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Monday, December 05, 2005 5:36 PM
> > Subject: [isalist] RE: Ex2k FE in DMZ Segment
> >
> >
> > http://www.ISAserver.org
> >
> > No cheating :)
> >
> > Well, except from the front-end to the back-end ISA firewall,
> > since its
> > only HTTP. In that case, its either open HTTP or IPSec
> tunneled HTTP.
> > Your choice.
> >
> > So, its SSL tunnel from external client through the FE ISA
> firewall to
> > the BE ISA firewall, then SSL bridging from the BE ISA
> firewall to the
> > FE Exchange Server, and then either clear HTTP or HTTP/IPSec
> > from the FE
> > to the BE. It depends how much you trust your anonymous
> access DMZ and
> > its physical security (I'm not so worried about network
> > security, since
> > they had to auth first to get there, YMMV).
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Monday, December 05, 2005 7:26 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Ex2k FE in DMZ Segment
> > >
> > > http://www.ISAserver.org
> > >
> > > SSL everywhere then? No cheating?
> > >
> > > t
> > >
> > > ----- Original Message -----
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Monday, December 05, 2005 5:16 PM
> > > Subject: [isalist] RE: Ex2k FE in DMZ Segment
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > OK, good :)
> > >
> > > I use SSL Server Publishing Rules since there's no reason to
> > > go through
> > > the HTTP filter overhead on both devices. So, SSL tunneling
> > > through the
> > > front-end ISA firewall and then a Web Publishing Rule on
> > the back-end
> > > ISA firewall.
> > >
> > > S'good?
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Monday, December 05, 2005 7:09 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: Ex2k FE in DMZ Segment
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Knock, knock.
> > > >
> > > > -----
> > > > "And yet, even if one person finds his way... that means
> > > > there is a Way. Even if I personally fail to reach it."
> > > >
> > > > Mr. Nobusuke Tagomi
> > > > Top Place, Ranking Imperial Trade Mission
> > > > Pacific States of America
> > > >
> > > > ----- Original Message -----
> > > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Monday, December 05, 2005 4:19 PM
> > > > Subject: [isalist] RE: Ex2k FE in DMZ Segment
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > OK, let me try to figure out what the question is here.
> > > >
> > > > What you want to know is what to do on the FE ISA firewall
> > > to publish
> > > > the FE Exchange on the BE ISA firewall's DMZ. Right?
> > > >
> > > > Knock twice if yes, once if no.
> > > >
> > > > Thomas W Shinder, M.D.
> > > > Site: www.isaserver.org
> > > > Blog: http://spaces.msn.com/members/drisa/
> > > > Book: http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > > **Who is John Galt?**
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > > Sent: Monday, December 05, 2005 4:43 PM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] Ex2k FE in DMZ Segment
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > OK Doc- help me out here... How about give me the low down on
> > > > > exactly what
> > > > > you are thinking when it comes to this topology:
> > > > >
> > > > > [Internal Network]
> > > > > |
> > > > > |
> > > > > [Back End ISA] ---- [Ex FE DMZ]
> > > > > |
> > > > > [DMZ]
> > > > > |
> > > > > |
> > > > > [Front End ISA]
> > > > > |
> > > > > |
> > > > > [Internet]
> > > > >
> > > > >
> > > > > I've got my rules just fine from the [Ex FE DMZ] to the
> > > > > Internal- OWA works
> > > > > fine, etc.
> > > > >
> > > > > How about spill the beans on the HTTPS tunneling/bridging
> > > > > you've got going
> > > > > on. Where will I use what? I've got the [Ex FE DMZ] box
> > > > > requiring HTTPS
> > > > > and the owa.domain.com cert on that guy. Are you talking
> > > > > just server pub
> > > > > HTTPS from [Front End ISA] to [Back End ISA] and bridging
> > > > > from [Back End
> > > > > ISA] to [Ex FE DMZ]? Can you take a moment and tell me what
> > > > > you plan to do
> > > > > and where?
> > > > >
> > > > > t
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion
> > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as:
> > > > thor@xxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as:
> > > thor@xxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts:
