RE: Front End Firewall

  • From: "Stephen Herrera" <sherrera@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 23 Sep 2004 13:15:15 -0700

Hi Tom,
I setup the server with the vanilla install and imported my rules and they all 
work. This is not how I really want to install my ISA server though. I like the 
fact of being able to set it up giving it the knowledge of where it lies on the 
network. Setting it up this default way makes me wonder what security I am 
giving up by not having it know that it is the front end firewall. Almost as if 
I am duping it into working. Plus, I would rather install it correctly the 
first time rather than try and make a huge type of configuration change later 
on down the line.

What doesn't make sense to me or the knowledge I am lacking is that even when 
ISA server itself creates its own rule for the perimeter network to have 
unrestricted external access the traffic is still not allowed to pass. I have 
finally convinced my corporate office to drop Sonicwall and switch to ISA and I 
would really like to have this understood before I go out there and implement 
it for them.

Steve

 -----Original Message-----
From:   Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent:   Thursday, September 23, 2004 11:29 AM
To:     [ISAserver.org Discussion List]
Subject:        [isalist] RE: Front End Firewall

http://www.ISAserver.org

Hi Stephen,

The templates are useful if you already know what you're doing. They're
less useful if you don't already know how everything works.

Try setting your Network Rules and Access Rules manually and see how
that works.

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx] 
Sent: Thursday, September 23, 2004 1:15 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Front End Firewall


http://www.ISAserver.org

Ok I thought I was going crazy trying to setup my Front End ISA2k4
Firewall in a back to back setup. It seems by default no matter what
rules I put in the perimeter network (DMZ) will not be allowed any
access out. I went through the template wizard and selected the open all
traffic just to test this theory and even though it created the rule DMZ
traffic was not allowed access to the Internet.

I then ran the template again using the back end firewall (all same ip
schemes) and now that ISA believe my private IPs were internal not
perimeter everything worked fine. What am I missing to be able to allow
my DMZ to go out?

Steve


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
sherrera@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 09-2004