Re: Firewall Client & Default Gateway
- From: "Rob Moore" <RMoore@xxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 10 May 2004 13:35:36 -0400
I get it now. The reason you don't want to have a default gateway is so
you can use rules that can't be got around! Thanks.
Rob
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, May 10, 2004 1:32 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Firewall Client & Default Gateway
http://www.ISAserver.org
Remember; many of the recommendations you read in books, articles, email
(mine included) are exactly that; recommendations.
If you have a different need for a particular purpose, then you should
do what you need to to get your job done.
If you disallow default gateways for Joe(sephene) User, and you limit
all outbound access to user-based rules, then they can't circumvent your
ISA policies.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Rob Moore" <RMoore@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, May 10, 2004 10:16
Subject: [isalist] Firewall Client & Default Gateway
http://www.ISAserver.org
Hello--
In "Configuring ISA Server 2000," Dr. Shinder writes, regarding
configuring a firewall client with a default gateway, "In your
production environment, you should not configure your firewall clients
with a default gateway." (page 400)
Two questions:
1. Why not?
2. What about a few of us in IT who need to be able to ping? Should I
configure these machines with a default gateway, or configure them as
SecureNAT clients?
I guess that's kind of three questions. Oh, well.
Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore, MCSE
Network Manager
American Friends Service Committee
215-241-7870
rmoore@xxxxxxxx
Our greatest glory is not in never failing but in rising every time we
fall.
--Confucius
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rmoore@xxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
