RE: HTTP traffic and routing
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 11 Aug 2004 12:00:28 -0500
Hi Alejandro,
I guess I don't understand your scenario, if the ISA firewall is inline,
everything goes through the firewall and all connections are exposed to
stateful filtering and stateful application layer inspection.
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Alejandro Fernandez [mailto:fernandeza@xxxxxxxxxxxx]
Sent: Wednesday, August 11, 2004 11:56 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HTTP traffic and routing
http://www.ISAserver.org
Anyone??
My boss want's to implement another firewall solution and I'm trying to defend
ISA!!
What he wants to implement is the following. We have a router with 2 Internet
connections attached to ISA's external interface. He want's the router to make
the NAT so with policy routing he can decide which link the traffic should
follow. ISA should only route the requests from SNAT clients on the Internal to
the External if they are approved according to the firewall rules. If the
clients are web proxy the requests should leave with ISA's external Interface
IP address.
Is this possible? I really want to implement ISA and not the other firewall....
TIA
Alejandro
-----Original Message-----
From: Alejandro Fernandez [mailto:fernandeza@xxxxxxxxxxxx]
Sent: Martes, 10 de Agosto de 2004 04:26 p.m.
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HTTP traffic and routing
http://www.ISAserver.org
Yes Tom, I have read them, they are great! I was missing the newest article,
that made it.
Now I have a new question also related to this.
I set ISA to route between the Internal network and the External network. On
the host on the internal network no proxy configured. I create a rule to allow
HTTP and ICMP between Internal network and External network. As far as I
understand this shouldn't work (I shouldn't be able to get out as I have a
private IP range) and it doesn't for ICMP or other protocol but it does for
HTTP. I am able to browse web sites so I asume ISA is doing NAT on HTTP
requests.
Is there any way to configure this behaviour?
Just trying tu fully explore ISA before implementation...
Thanks,
Alejandro Fernández
fernandeza@xxxxxxxxxxxx
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Martes, 10 de Agosto de 2004 03:18 p.m.
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HTTP traffic and routing
http://www.ISAserver.org
Hi Alejandro,
Have you been reading the DMZ articles over at www.isaserver.org?
Tom
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
