RE: FE Vs BE

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 13 Jul 2005 13:30:58 -0500

Hi Ruba,
 
IMNSHO = In my not so humble opinion
 
IOW = In other words
 
LITFA = Leave it the f*** alone
 
:-)
HTH,
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 


________________________________

        From: Ruba Al Omari [mailto:romari@xxxxxxxxxxxxxxxxx] 
        Sent: Wednesday, July 13, 2005 1:23 PM
        To: [ISAserver.org Discussion List]
        Subject: RE: [isalist] RE: FE Vs BE
        
        
        Thanks, helpful as usual.
        Except that I don't know what IMNSHO, IOW and LITFA stand for :)
        
        r.

________________________________

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
        Sent: Wed 7/13/2005 4:37 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: FE Vs BE
        
        

        http://www.ISAserver.org
        
        Hey Jim,
        
        Good point. I forgot about all those "open a port" PIX admins who think
        of the DMZ as only a party down net. Guess this is a good reason to
        start referring to all of them as perimeter networks, which is what ISA
        UA(UE?) has been trying to get me to do now for five years :)
        
        Guess I got to hand it to Adina for being right on this one :-)))
        
        Tom
        www.isaserver.org/shinder
        Tom and Deb Shinder's Configuring ISA Server 2004
        http://tinyurl.com/3xqb7
        MVP -- ISA Firewalls
        
        
        
        > -----Original Message-----
        > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
        > Sent: Wednesday, July 13, 2005 8:31 AM
        > To: [ISAserver.org Discussion List]
        > Subject: [isalist] RE: FE Vs BE
        >
        > Hi Tom,
        >
        > I didn't mean to suggest that "DMZs is ded", just that the "old school"
        > use for them has passed on.
        > As you point out, they've actually evolved into something more than was
        > originally intended (thanx in no small part to ISA).
        >
        > -----Original Message-----
        > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
        > Sent: Wednesday, July 13, 2005 6:27 AM
        > To: [ISAserver.org Discussion List]
        > Subject: [isalist] RE: FE Vs BE
        >
        > Hey Jim,
        >
        > Actually, I would put the FE in an "authenticated access" DMZ, since it's
        > still an Internet-facing device. Not a classical "party down on my NICs
        > anonymously DMZ", but it still allows inbound connections that are
        > either auth'd at the ISA firewall first, or at the destination server.
        >
        > Of course, you would have to remove the SMTP inbound relay from the FE,
        > since these need to be anonymous connections, so a third perimeter would
        > be appropriate for an inbound SMTP relay, which allows anonymous inbound
        > connections.
        >
        > I'll not buy into the whole "deperimeterization" hokey I'm hearing until
        > they can demonstrate that it works in the non-digital world the
        > proponents live in -- and at least until we're hooked up to personal
        > "deflector shields", the whole deperimeterization talk is just that --
        > enabling speakers to create controversy at conferences.
        >
        > IMNSHO :)
        >
        > Tom
        > www.isaserver.org/shinder
        > Tom and Deb Shinder's Configuring ISA Server 2004
        > http://tinyurl.com/3xqb7
        > MVP -- ISA Firewalls
        >
        > 
        >
        > > -----Original Message-----
        > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
        > > Sent: Wednesday, July 13, 2005 8:20 AM
        > > To: [ISAserver.org Discussion List]
        > > Subject: [isalist] RE: FE Vs BE
        > >
        > > Hi Ruba,
        > >
        > > The BE/FE deployment was designed to accomplish two things:
        > > 1 - allow the Exch admin to create a "security zone" between the
        > > Internet and Intranet sides of Exch
        > > 2 - allow the Exch admin to "spread the load" for different Exch
        > > functions across multiple machines.
        > >
        > > Since ISA pretty much obviates the need for a DMZ, you don't need the
        > > FE/BE deployment for security reasons.
        > > Unless you can show that the Exch FE/BE combination is overloaded,
        > > there's no need to separate them.
        > >
        > > IOW, if it works, LITFA...
        > >
        > > -----Original Message-----
        > > From: Ruba Al Omari [mailto:romari@xxxxxxxxxxxxxxxxx]
        > > Sent: Wednesday, July 13, 2005 12:10 AM
        > > To: [ISAserver.org Discussion List]
        > > Subject: [isalist] FE Vs BE
        > >
        > > When publishing Exchange 2003 (OWA and SMTP) through ISA2004 with an
        > > SSL, is it better to use FE and BE configuration or is it as secure as
        > > using ISA2004 with BE directly without having FE?
        > >
        > > 
        > >
        > > Thanks,
        > >
        > > r.
        > >
        > > ------------------------------------------------------
        > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
        > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
        > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
        > > ------------------------------------------------------
        > > Other Internet Software Marketing Sites:
        > > World of Windows Networking: http://www.windowsnetworking.com
        > > Leading Network Software Directory: http://www.serverfiles.com
        > > No.1 Exchange Server Resource Site: http://www.msexchange.org
        > > Windows Security Resource Site: http://www.windowsecurity.com/
        > > Network Security Library: http://www.secinf.net/
        > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        > > ------------------------------------------------------
        > > You are currently subscribed to this ISAserver.org Discussion List as:
        > > jim@xxxxxxxxxxxx
        > > To unsubscribe visit
        > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
        > > Report abuse to listadmin@xxxxxxxxxxxxx
        > >
        > > All mail to and from this domain is GFI-scanned.