Hi Tom, I setup the server with the vanilla install and imported my rules and they all work. This is not how I really want to install my ISA server though. I like the fact of being able to set it up giving it the knowledge of where it lies on the network. Setting it up this default way makes me wonder what security I am giving up by not having it know that it is the front end firewall. Almost as if I am duping it into working. Plus, I would rather install it correctly the first time rather than try and make a huge type of configuration change later on down the line. What doesn't make sense to me or the knowledge I am lacking is that even when ISA server itself creates its own rule for the perimeter network to have unrestricted external access the traffic is still not allowed to pass. I have finally convinced my corporate office to drop Sonicwall and switch to ISA and I would really like to have this understood before I go out there and implement it for them. Steve -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, September 23, 2004 11:29 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Front End Firewall http://www.ISAserver.org Hi Stephen, The templates are useful if you already know what you're doing. They're less useful if you don't already know how everything works. Try setting your Network Rules and Access Rules manually and see how that works. HTH, Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx] Sent: Thursday, September 23, 2004 1:15 PM To: [ISAserver.org Discussion List] Subject: [isalist] Front End Firewall http://www.ISAserver.org Ok I thought I was going crazy trying to setup my Front End ISA2k4 Firewall in a back to back setup. It seems by default no matter what rules I put in the perimeter network (DMZ) will not be allowed any access out. I went through the template wizard and selected the open all traffic just to test this theory and even though it created the rule DMZ traffic was not allowed access to the Internet. I then ran the template again using the back end firewall (all same ip schemes) and now that ISA believe my private IPs were internal not perimeter everything worked fine. What am I missing to be able to allow my DMZ to go out? Steve ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: sherrera@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx