RE: FE Vs BE

• From: "Ruba Al Omari" <romari@xxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 13 Jul 2005 21:22:46 +0300

Thanks, helpful as usual.
Except that I don't know what IMNSHO , IOW and LITFA stand for :)

r.

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wed 7/13/2005 4:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FE Vs BE



http://www.ISAserver.org

Hey Jim,

Good point. I forgot about all those "open a port" PIX admins who think
of the DMZ as only a party down net. Guess this is a good reason to
start referring all of them as perimeter networks, which is what ISA
UA(UE?) has been trying to get me to do now for five years :)

Guess I got to hand it to Adina for being right on this one :-)))

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Wednesday, July 13, 2005 8:31 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: FE Vs BE
>
> http://www.ISAserver.org
>
> Hi Tom,
>
> I didn't mean to suggest that "DMZs is ded", just that the
> "old school"
> use for them has passed on.
> As you point out, they've actually evolved into something
> more than was
> originally intended (thanx in no small part to ISA).
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, July 13, 2005 6:27 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: FE Vs BE
>
> http://www.ISAserver.org
>
> Hey Jim,
>
> Actually, I would put the FE in a "authenticated access" DMZ, since it
> still an Internet facing device. Not a classical "party down
> on my NICs
> anonymously DMZ", but it still allows inbound connections that are
> either auth'd at the ISA firewall first, or at the destination server.
>
> Of course, you would have to remove the SMTP inbound relay
> from the FE,
> since these need to be anonymous connection, so a third
> perimeter would
> be appropriate for an inbound SMTP relay, which allows
> anonymous inbound
> connections.
>
> I'll not ?buy into the whole "deperimeterization" hokey I'm
> hearing until
> they can demonstrate that it works in the non-digital world the
> proponents live in -- and at least until we're hooked up to personal
> "deflector shields", the whole deperimeterization talk is just that --
> enabling speakers to create controversy at conferences.
>
> IMNSHO :)
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
> 
>
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Wednesday, July 13, 2005 8:20 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: FE Vs BE
> >
> > http://www.ISAserver.org
> >
> > Hi Ruba,
> >
> > The BE/FE deployment was designed to accomplish two things:
> > 1 - allow the Exch admin to create a "security zone" between the
> > Internet and Intranet sides of Exch
> > 2 - allow the Exch admin to "spread the load" for different Exch
> > functions across multiple machines.
> >
> > Since ISA pretty much obviates the need for a DMZ, you
> don't need the
> > FE/BE deployment for security reasons.
> > Unless you can show that the Exch FE/BE combination is overloaded,
> > there's no need to separate them.
> >
> > IOW, if it works, LITFA...
> >
> > -----Original Message-----
> > From: Ruba Al Omari [mailto:romari@xxxxxxxxxxxxxxxxx]
> > Sent: Wednesday, July 13, 2005 12:10 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] FE Vs BE
> >
> > http://www.ISAserver.org
> >
> >
> > When publishing exchange 2003 (OWA and SMTP) through ISA2004 with an
> > SSL, is it better to use FE and BE configuration or is it
> as secure as
> > using ISA2004 with BE directly without having FE?
> >
> > 
> >
> > Thanks,
> >
> > r.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
romari@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » FE Vs BE
• » RE: FE Vs BE
• » RE: FE Vs BE
• » RE: FE Vs BE
• » RE: FE Vs BE
• » RE: FE Vs BE
• » RE: FE Vs BE
• » RE: FE Vs BE

1. Home
2. isalist
3. Archive
4. 07-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---