RE: FYI: ISA on SBS

• From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 14 Jul 2003 18:25:10 -0700

Ok, now I understand what you are talking about. That is setting up the
e-mail client as an Exchange client as opposed to a POP3 client.

 

I think that has to go back to Amy's point. There are 2 types of small
business, those that seek to utilize the technology available, and those
that use technology to help get there job done.

 

Small business company profile 1: Those that seek to utilize the technology
available are going to want to use the features of Exchange and SBS,
including ISA. They will most likely use OWA and remote clients using their
e-mail client configured as an Exchange client. This kind of business will
seek and pay for SBS and ISA and use its features and if recommended use SBS
without ISA and have another box in front running ISA. (BTW, I still am
going to come up with a new small size cube box for the ISA device.)

 

Small business company profile 2: This kind of company uses technology in
the course of business out of need or assistance to promote/assist their
work. This company may use a app that uses a SQL DB, and as Amy pointed out,
may have a small static website that promotes their business, maybe even
some dynamic that say pulls lists from the DB. This company does not want to
fully utilize the features of Exchange or IIS, but rather the pricing is
enough to make SBS attractive rather than buying the OS and SQL separately.
They may have a dozen or so remote users, but they have the mail client
setup with POP3 or their e-mail is hosted else where. In this case, having a
SonicWall or other SOHO device is quite logical to meet the client needs.

 

I think what it really boils down to is there is 2, or maybe even 3 types of
Small business and they each require different approaches; Those that
embrace technology and those that use technology and those that use
technology but only if they feel it is worth the money. (I have one of those
3rd type. He has no firewall at all!)

 

John Tolmachoff MCSE CSSA

Engineer/Consultant

eServices For You

www.eservicesforyou.com

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, July 14, 2003 5:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: ISA on SBS

 

http://www.ISAserver.org

Hi John,

 

With ISA Exchange RPC publishing, it just opens 135 inbound, and only for
the Exchange specific UUIDs. If you don't use ISA, then you allow 135
inbound for any UUID, and then you have to open all high number ports
inbound, since the server can assign itself any ephemeral port. Check out:

 

http://support.microsoft.com/default.aspx?scid=kb;EN-US;148732

 

It has good info and links on the problematic nature of doing this without
ISA.

 

Thanks!

Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Monday, July 14, 2003 11:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: ISA on SBS

http://www.ISAserver.org

First off, I have to admit I am not familiar with the technical side of RPC
publishing.

 

What port ranges are used and how does it work?

 

John Tolmachoff MCSE CSSA

Engineer/Consultant

eServices For You

www.eservicesforyou.com

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, July 14, 2003 9:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: ISA on SBS

 

http://www.ISAserver.org

Hi John,

 

Yes please! I'd like to hear more of your observations on this.

 

However, the problem with the sonicwall firewall setup is that if you run
ISA Server 2000 on the SBS box that runs the Exchange Server, you cannot
avail external users of Exchange RPC publishing. The only way to do this is
to disabling packet filtering, in which case, there's no point to even
installing ISA Server, since its no longer a firewall without packet
filtering protection. The Problem is that there's no way to disable RPC
socket pooling. When you can't disable socket pooling, you can't create
Server Publishing or Web Publishing Rules on that socket. The only other
option is to create packet filters, but in order to create packet filters,
you have to open the entire ephermal range of ports using static packet
filters, which gets back to the poor security provided by tradition packet
filtering based devices like PIX or sonicwall, and the reason why you want
an ISA based appliance in front of the SBS box so that the customer is able
to fully take advantage of the Exchange Server and remote Outlook
2000/2002/2003 client.

 

Thanks!

Tom

 

 

Thomas W Shinder

 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server:  <http://tinyurl.com/1llp> http://tinyurl.com/1llp

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS
• » RE: FYI: ISA on SBS

1. Home
2. isalist
3. Archive
4. 07-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---