RE: FWC Client and Network within a Network

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 21 Jul 2005 21:42:08 -0700

Ah - you're talking about the DNS / DHCP, not the ISA config.
Have you tried the SBS_Wpad solution I posted?
It'll be interesting to see if it survives the multi-net environment,
too, although that's an unlikely scenario when ISA / IIS coexist.

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: Thursday, July 21, 2005 9:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FWC Client and Network within a Network

http://www.ISAserver.org

Yes, it operates the same, but you have to configure it differently.
You're still thinking of the "network-behind-a-network" scenario as
being the "only" way anyone would ever set up a "complex" network.
Reading his other response shows that he IS using that scenario, so you
get off lightly on this one... *grin*

The point I'm trying to make is that if you have multiple NICs in the
ISA server for separate "internal" networks (which you hinted at in
another message), then you have to configure the FWC and the WPAD
entries differently.  Each subnet has to have different configuration
entries corresponding to the particular NIC on the ISA server facing
that network.

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, July 21, 2005 8:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FWC Client and Network within a Network

No, it doesn't.
The FW client operates the same regardless of the network environment.
Your point about the addresses is exactly what I was talking about the
net behind a net doc.

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: Thursday, July 21, 2005 12:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FWC Client and Network within a Network

That all depends on if he is using the ISA server as the router or if he
is using the "network behind a network" scenario.  If he is using the
ISA server as the central hub/router, then he'll have to put the
different addresses of the ISA server for each subnet into the FWC
settings.  This is related to the wpad conversation we had last week.



-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, July 21, 2005 1:58 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FWC Client and Network within a Network

I'm not clear on your concerns...
Installing the FWC on a host has nothing to do with whether or not it
belongs to network A or Network B.
If you want the ISA and "smart clients" (web and FWC) to handle this
complex network properly, then follow the instructions in the "net
behind a net" doc that you referenced and all should be well...

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Peter [mailto:pladd@xxxxxxxx] 
Sent: Thursday, July 21, 2005 09:43
To: [ISAserver.org Discussion List]
Subject: [isalist] FWC Client and Network within a Network

I know this question has been discussed in the past but I am concerned
about whether or not I should install the FWC on all of my User
Workstations or not.  Any help would be greatly appreciated.

SITE 1:  ISA Server 2004, Ext Interface Connected to "Internet" Router.
Internal Interface connected to 192.168.10.x subnet that has a PPP
connection via a second router to SITE 2 and SITE 3.  All Servers
(mail, web, domain et al) local to site 1.

SITE 2:  Connected to Site 1 and Site 3 via PPP.  Local subnet
192.168.20.x.  No direct connection to the Internet.

SITE 3:  Connected to Site 1 and Site 2 via PPP.  Local subnet
192.168.25.x.  No direct connection to the Internet.

SITE 2 and SITE 3 connect to the Internet via the ISA Server on SITE 1.


Question:  Should I install the FIREWALL Client on all Desktops at EACH
SITE?  In Tom's book there are references to using both the Secure NAT
and the FWC on the remote subnets.  I am confused by this.  Also, a
reply by Thor (greatly appreciated btw) references installing the FWC on
the Desktops at the Remote sites but using their local router as the
DGW.

Ideally, I want to install the FWC on ALL Computers, including the
Exchange Servers, DNS, and DC for the added secure communications.  But
I am not sure if I should do this.  I have a lab setup but it is a
single subnet lab.  Thus, I don't have the equipment to truly test this.

If I install the FWC on the desktops of the remote Clients and Servers,
should I then put their local router as their DGW?

Thank you for any comments.

PS-  I really like this board.  I have been reading it daily since I
discovered it.  Thanks for all the posts.

