P.S.-
t
----- "I may disapprove of what you say, but I will defend to the death your right to say it."
http://www.ISAserver.org
Ouch... That's kinda dangerous.. To use a UNC share from the DMZ, you'll have to allow NetBIOS sessions from the DMZ to the internal network as well as at least LDAP and Kerberos from the DMZ to the Domain Controllers. You might get by with CIFS but I'm not sure. In addition, any compromise of the DMZ will yield a credential usable on the internal network. Not really cool...
Is there no better way for you to isolate the DMZ web server completely? How often does internal content change? It would be WAY better to come up with a process that updates the DMZ content from the Internal server when necessary...
t
----- "I may disapprove of what you say, but I will defend to the death your right to say it."
----- Original Message ----- From: "Prashanth" <prashanth@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, December 15, 2005 7:33 PM
Subject: [isalist] ISA 2004 Security issue
http://www.ISAserver.org
Hi, The web server (IIS 6.0,Windows 2003+sp1) is connected to ISA 2004 DMZ interface.
The file server(windows 2003+sp1) is located at ISA 2004 inside interface.
The virtual directory in the default website is pointing to a share folder
located at the file server.
i cannot browse using UNC path from web server pointing file server.
Pls let me know what ports i need to open between isa DMZ & inside interface.
web server IP:172.16.224.2 file server IP : 172.16.0.2
from web server cannot see directory listing ie. \\172.16.0.2\shared folder
Need help
Regards, Prashanth
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx