[isalist] Re: Help with access rules (no preaching please)

  • From: "Roy Tsao" <caohuiming@xxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 13 Oct 2007 00:00:42 +0800

ISA shall be placed as downstream if authentication is required, but 
I am still wondering if such a downstream scenario works because IWSS
and ISA seem looped on the same machine.
  ----- Original Message ----- 
  From: Jim Harrison 
  To: isalist@xxxxxxxxxxxxx 
  Sent: Friday, October 12, 2007 9:56 PM
  Subject: [isalist] Re: Help with access rules (no preaching please)


  Amy,

  Actually, that's not true.  In the context of the traffic flow from the 
client to the endpoint server, ISA _is_ either "upstream" or "downstream" from 
IWSS, regardless of where IWSS is installed.
  ..lemme 'splain:

  Traffic doth flow thusly:
  (ISA downstream) Client --> ISA --> IWSS --> Web Server
  ..or thusly:
  (ISA upstream) Client --> IWSS --> ISA --> Web Server

  It doesn't matter that the two applications share the same processor space; 
the traffic still flows serially.
  In either case, ISA policies will determine whether or not IWSS gets the 
traffic, but the simpler scenario is defined when ISA is "upstream" from IWSS 
because you don't have to configure (and manage) ISA web chaining rules to 
accomplish the task.

  Jim


------------------------------------------------------------------------------
  From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf 
Of Amy Babinchak [amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
  Sent: Friday, October 12, 2007 6:03 AM
  To: isalist@xxxxxxxxxxxxx
  Subject: [isalist] Re: Help with access rules (no preaching please)


  Nathan,



  Your ISA box is neither upstream nor downstream because you are installing on 
the same box. This means, using your example, that your rule would be localhost 
to external. You are going to have to interpret the instructions to your 
situation.



  Amy 



  From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nathan
  Sent: Friday, October 12, 2007 12:37 AM
  To: isalist@xxxxxxxxxxxxx
  Subject: [isalist] Help with access rules (no preaching please)



  Hi,



  I have a need to install ISA 2006 SE on the same box as Trend Micro's IWSS. We 
don't have enough hardware to install on 2 separate pieces of hardware.



  I am having trouble setting this up with either the ISA being an upstream or 
downstream server. I am not sure which way is best.



  There are 2 KB articles on the Trend site saying how to install in either 
situation.



  ISA upstream 
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-126115&id=EN-126115

  ISA downstream 
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-124425&id=EN-124425



  We want ISA to do the authenticating.



  This is the screen that you edit the IWSS properties







  I just can't seem to get this to work. Are there any special Access Rules 
that you need to set up to have IWSS pass traffic to ISA? To have ISA as 
upstream all the doc above says is to open Internal to External, but this 
doesn't seem to work.



  I have tried to find sites with other products that do the same kind of 
thing, but nothing seems to make this work.



  We had this working with ISA 2000 but 2006 this is way different.



  This is a fresh ISA install.



  All help really appreciated.



  Thanks



  Nathan

  Lara, Vic, Australia

